Method and system for implementing a wireless information security device
Technical field
The present invention relates to the field of information security, and more particularly to a method and system for implementing a wireless information security device.
Background technology
In the prior art, information security devices are the main means of implementing software security protection and copyright protection, network security protection, or identity authentication. An information security device is a hardware device attached to a host interface (such as a USB interface, serial port, or parallel port) that provides security protection and copyright protection for specific software or sensitive information running on the host. Among current software protection technologies, the encryption lock is the most commonly used. An encryption lock is a hardware system built on a high-strength smart card chip and advanced cryptographic techniques, with a certain computing and storage capacity; because it is difficult to crack and to duplicate, it is widely used in high-strength software copyright protection.
The company of the present inventors has produced a variety of encryption lock products; see the following website: http://www.sense.com.cn/.
At present, an encryption lock commonly takes the form of an independent hardware device that is physically connected to the host through USB or another interface. In using encryption locks, the inventors found the following problems:
1. When using an encryption lock, the user may need to plug and unplug it frequently (for example when arriving at work, leaving work, or stepping away each day). Particularly in a society that values convenience and efficiency, this frequent, repetitive operation greatly inconveniences the user. The prior art does not solve the technical problem of improving the ease of use and convenience of encryption locks.
2. If a user who is called away from the keyboard temporarily forgets to pull out the encryption lock, an unauthorized person may take the opportunity to steal the user's private information or other data.
3. An encryption lock is a hardware device; when it is physically connected to a computer's interface through its connector, static electricity may be present, which can damage the computer and cause data loss.
4. An encryption lock is a hardware device physically connected to the computer through a connector; with frequent plugging and unplugging, the connector may wear or its internal spring may loosen, so the connection may fail. This is inconvenient, and replacing the connector has a cost.
5. Often many people jointly take part in the research and development of a project or share certain resources. To protect the security of the project's technical information (documents, code, etc.) or other private information, an authorized encryption lock is typically issued to each person. Participants use the issued lock for daily research and development and other purposes. During this time someone may forget or lose an encryption lock. In addition, issuing a lock to every person makes loss and damage requiring replacement likely, and the cost is too high. Multiple encryption locks are also hard to manage, and information may be leaked by people; the prior art offers no technical method for controlling and managing multiple encryption locks that solves these problems.
Summary of the invention
In view of this, the invention provides a system and method for a wireless information security device. The method comprises the following steps: the switch of the information security device is turned on; the information security device automatically detects the wireless signals of wireless transceiver devices within its signal coverage; on detecting a wireless signal, it connects wirelessly; in use, the information security device first performs identity authentication, and once authentication passes, data interaction between the host and the information security device is carried out through the wireless transceiver device connected to the host; when the user leaves, the information security device is turned off manually or automatically and disconnects automatically. The method provided by the present invention can save cost, reduce the risk of information leakage, and improve the user experience.
A wireless information security device system comprises at least one wireless transceiver device and an information security device.
The at least one wireless transceiver device has an embedded microprocessor chip, is connected to the host through a host interface, and further comprises:
a wireless communication module, for wireless communication and data exchange with the information security device;
a processing module, for handling the data interaction between the information security device and the host according to the transmitted messages or instructions.
The information security device can implement the software security protection function and, in addition to that function, further comprises:
a wireless communication unit, for wireless communication with the wireless transceiver device and, through the wireless transceiver device, data interaction with the host;
a storage unit, for storing keys, certificates, the device information of the information security device and/or the identifier list of the wireless transceiver devices, as well as related data generated during use;
a processing unit, for performing the corresponding computation on received messages and instructions and returning the result to the host;
a switch, for controlling the state of the information security device, such as on and off;
a power supply unit, for supplying power to the information security device to ensure that it operates normally.
According to an aspect of the present invention, the wireless transceiver device has a storage module for storing data such as encryption and decryption algorithm keys and device information.
According to an aspect of the present invention, the wireless communication unit of the information security device contains a detection unit, which automatically detects the wireless signals of wireless devices within wireless signal coverage.
According to an aspect of the present invention, the wireless transceiver device is a wireless USB receiver.
According to an aspect of the present invention, at least one wireless transceiver device is matched to one information security device.
According to an aspect of the present invention, the switch can take various forms, such as a push button or a slide switch.
According to an aspect of the present invention, the wireless communication modes between the information security device and the wireless transceiver device include Bluetooth and NFC.
According to an aspect of the present invention, the power supply unit can power the information security device from a battery; for example, the power supply unit is a lithium battery.
According to an aspect of the present invention, the information security device includes but is not limited to an encryption lock.
A method for implementing a wireless information security device, involving at least a wireless transceiver device and an information security device, comprises the following steps:
1. The wireless transceiver device is connected to the host through a host interface;
2. The switch of the information security device is turned on, and the information security device automatically detects surrounding wireless signals;
3. After detecting a wireless signal, the information security device automatically connects to the wireless device sending that signal and verifies whether the wireless device is the corresponding or matching device;
4. If the wireless device is the corresponding or matching device, it is the wireless transceiver device paired with the information security device, and step 5 is performed; otherwise step 6 is performed;
5. The information security device establishes a wireless communication link with the wireless transceiver device;
6. Connections are attempted in order, one by one, from the list of detected wireless signals, determining whether the wireless device sending each signal is a matching device, and step 4 is performed; if no connection can be made, the information security device continues to detect other new wireless signals and attempts to connect;
7. When the information security device is used, identity authentication is performed;
8. If authentication passes, the device is shown to be legitimate or authorized, and subsequent data interaction can continue; otherwise it is considered an illegal or unauthorized device, and an authentication failure is indicated, followed by re-authentication or a prohibition on using the information security device;
9. When leaving, the information security device can be turned off manually or automatically, disconnecting the wireless connection.
According to an aspect of the present invention, when multiple wireless transceiver devices are matched to one information security device, the information security device connects to the wireless transceiver devices and establishes multiple wireless communication channels; each wireless transceiver device communicates with the information security device over its own independent communication link.
According to an aspect of the present invention, to ensure security during data transmission, the transmitted data can be encrypted with an encryption algorithm; the receiving end decrypts the encrypted data after receiving it and then continues processing. According to an embodiment of the present invention, the algorithm can be symmetric or asymmetric. Symmetric algorithms include AES, DES, and TDES; asymmetric encryption algorithms include RSA and ECC.
According to an aspect of the present invention, turning off the information security device automatically means that when the device is switched on and cannot connect to a matched wireless transceiver device within a certain time, it internally judges this to be the away state and turns itself off. According to an embodiment of the invention, this time can be user-defined.
The beneficial effect of the method provided by the present invention is that, by communicating over a wireless connection, cost can be saved, the risk of information leakage reduced, and the user experience improved.
Brief description of the drawings
Fig. 1 is a basic flowchart of the invention;
Fig. 2 is a schematic flowchart according to preferred embodiment 1 of the invention;
Fig. 3 is a schematic flowchart according to preferred embodiment 2 of the invention.
Detailed description
To make the objects, technical solutions, and advantages of the present invention clearer, the invention is described further below with reference to the drawings and embodiments.
According to one embodiment of the present invention, the wireless transceiver device is a hardware device with an embedded microprocessor (MCU) chip and a wireless communication module, and with storage and data processing functions. It looks like the USB signal receiver of a wireless keyboard or wireless mouse, is small, and is easy to carry. The wireless transceiver device is typically packaged as a USB connector, is connected to the host through a USB interface, and communicates with the host using the USB communication protocol. Of course, those skilled in the art know that the wireless transceiver device can also connect to the computer through other interface forms; there are many such forms of connection, they are not the focus of the invention, and they do not limit its scope of use.
In the present invention, the wireless transceiver device contains a wireless communication module and the information security device contains a wireless communication unit. The module and the unit each contain a wireless control chip and an antenna that implement the wireless communication protocol, and can establish a communication link with other wireless communication devices according to the wireless communication specification, thereby carrying out data exchange between the wireless transceiver device and the information security device.
According to an embodiment of the invention, the communication modes between the wireless transceiver device and the information security device include Bluetooth, NFC, etc.
According to an embodiment of the invention, the information security device and the wireless transceiver device use the same communication protocol, such as Bluetooth.
In the present invention, when the information security device detects a wireless signal, it can automatically connect to the wireless device sending that signal and verify whether the information security device and that wireless device are a corresponding or paired set. The verification modes include but are not limited to the following:
1. Both the wireless transceiver devices and the information security device are given a unique identifier at the factory, stored in the respective device, and the information security device stores a list of the unique identifiers of the legitimate or usable wireless transceiver devices. When the information security device detects a wireless transceiver device within signal coverage, it connects to it automatically. After the connection is established, the information security device determines whether the unique identifier of the currently connected wireless transceiver device is in its stored list of legitimate or usable identifiers. If it is, the information security device and the wireless transceiver device are a paired, usable set; if it is not, they do not match, i.e. they are not a set.
2. At the factory, the unique identifier of the information security device is also stored in a preset, fixed number of wireless transceiver devices. When the information security device detects a wireless transceiver device within signal coverage, it connects to it automatically. After the connection is established, the wireless transceiver device obtains the unique identifier of the currently connected information security device and compares it with the information security device identifier stored inside the wireless transceiver device. If they are identical, the information security device and the wireless transceiver device are matched; otherwise they are mismatched. Of course, those skilled in the art will understand that besides the two methods above, verification can also be performed using different keys, algorithm computations, or other means; this is not the focus of the invention and does not limit its scope of use.
According to an aspect of the present invention, the unique identifier can be a device ID, an IP, a random number, an AES key, a number, or any combination thereof.
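The passage above allows verification either by comparing a stored unique identifier or "using different keys or algorithm computations". The following added example (not code from the patent) contrasts the two: a static identifier can be reported by any device that has learned it, while a keyed challenge-response requires possession of a secret. The class `Transceiver`, the functions, the identifiers, the key, and the choice of HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from the patent).
PAIRED_ID = "TRX-0001"
PAIRING_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


class Transceiver:
    """Hypothetical peer: reports an identifier and answers challenges."""

    def __init__(self, device_id, key=None):
        self.device_id = device_id
        self.key = key  # None models a device that only knows the identifier

    def respond(self, challenge: bytes) -> bytes:
        # Without the pairing key the peer can only guess a key.
        key = self.key if self.key is not None else b"\x00" * 16
        msg = self.device_id.encode() + challenge
        return hmac.new(key, msg, hashlib.sha256).digest()


def verify_by_id(peer, allowlist) -> bool:
    """Verification mode 1 from the text: identifier is in the stored list."""
    return peer.device_id in allowlist


def verify_by_challenge(peer, keys) -> bool:
    """Keyed variant: the peer must prove possession of its per-device key."""
    key = keys.get(peer.device_id)
    if key is None:
        return False
    challenge = secrets.token_bytes(16)  # fresh per attempt, so replies cannot be replayed
    msg = peer.device_id.encode() + challenge
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, peer.respond(challenge))
```

A device that merely reports `TRX-0001` passes `verify_by_id` but fails `verify_by_challenge`, which is the reason to treat identifier matching as pairing convenience rather than as authentication of the transceiver.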
The information security device can also have a charging function, for example by having a plug.
According to an embodiment of the invention, turning off the information security device automatically means that a time value is defined in advance inside the information security device; when the device is switched on and has gone longer than this time value without connecting to a matched wireless transceiver device, it automatically judges this to be the away state and turns itself off through its internal program. This also saves battery power.
According to an embodiment of the invention, to ensure security during data transmission, the transmitted data can be encrypted with an encryption algorithm; the receiving end decrypts the encrypted data after receiving it and then continues processing. According to an embodiment of the present invention, the algorithm can be symmetric or asymmetric. Symmetric algorithms include AES, DES, and TDES; asymmetric encryption algorithms include RSA and ECC.
Embodiment 1
In this embodiment, one information security device corresponds to one wireless transceiver device. The switch of the information security device is a slide switch mounted on the side of the device; sliding it back and forth controls the on/off state of the device. The information security device in this embodiment is an encryption lock, which the user carries (for example in a briefcase, in a pocket, or on a key ring). The wireless transceiver device uses a USB connector (hereinafter called the USB transceiver) to connect to the host, and the communication mode is Bluetooth. According to one embodiment of the present invention, as shown in Fig. 2, the specific steps are as follows:
1. The USB transceiver is connected to the host;
2. The encryption lock switch is turned on by sliding it;
3. The encryption lock automatically detects the wireless signals within signal coverage;
4. After detecting a wireless signal, the encryption lock automatically connects to the wireless device sending that signal and sends it a request for its device identification information;
5. If the wireless device is a USB transceiver, the USB transceiver returns its device identification information to the encryption lock; if it is not a USB transceiver, the wireless device cannot respond or returns other information;
6. After receiving the information, the encryption lock compares it with the internally stored identifier list of usable, legitimate, or matched USB transceivers. If the received identification information is in the match list, verification passes and the device is a matching device, and step 7 is performed; otherwise step 8 is performed;
7. The encryption lock establishes a wireless communication link with the USB device;
8. The device is shown to be an illegal device, and the connection is prohibited;
9. When the encryption lock function is used, identity authentication is performed by entering a password (such as a PIN code);
10. If authentication passes, the device is shown to be legitimate or authorized, and subsequent data interaction can continue; otherwise it is considered an illegal or unauthorized device, and an authentication failure is indicated, followed by re-authentication or a prohibition on using the encryption lock;
11. When leaving, the information security device can be turned off manually or automatically, disconnecting the wireless connection.
Embodiment 2
In this embodiment, one information security device corresponds to multiple wireless transceiver devices. The switch of the information security device is a push-button switch, and the button controls the on/off state of the device. The information security device in this embodiment is an encryption lock, which the user carries (for example in a briefcase, in a pocket, or on a key ring). The wireless transceiver devices use a USB connector (hereinafter called the USB transceiver) to connect to the host, and the communication mode is Bluetooth. The encryption lock stores the identifier list of its matched USB transceivers, and the automatic shut-off time of the encryption lock is set to 10 minutes. According to an embodiment of the invention, the specific steps are as follows:
1. Multiple USB transceivers are each connected to their respective hosts through a host interface;
2. The encryption lock is turned on with the push-button switch on the lock;
3. The encryption lock automatically detects the wireless signals within signal coverage;
4. After detecting a wireless signal, the encryption lock automatically connects to the wireless device sending that signal, obtains its identification information, and compares it with the identifier list stored inside the encryption lock to verify whether it is a matching device;
5. If the obtained identification information is in the identifier list stored in the encryption lock, the device is shown to be a matching device and step 6 is performed; otherwise step 7 is performed;
6. The encryption lock establishes a wireless communication link with the USB transceiver;
7. Connections are attempted in order, one by one, from the list of detected wireless signals, and steps 4-5 are used to determine whether each is a matching device; on a match, step 6 is performed; otherwise this step is repeated;
8. After the communication link is established, when the host needs to interact with the encryption lock, identity authentication must be performed first, for example by entering a password (i.e. a PIN code);
9. If authentication passes, the device is shown to be legitimate or authorized, and subsequent data interaction can continue; otherwise it is considered an illegal or unauthorized device, and an authentication failure is indicated, after which the user may re-authenticate or be prohibited from using the encryption lock;
10. When leaving, the user presses the encryption lock button to turn it off, or the lock is turned off automatically; once turned off, the encryption lock automatically disconnects from the host, and the computer is prevented from using the encryption lock function.
According to an embodiment of the invention, turning off the encryption lock automatically in step 10 above means the following: when the user moves beyond the wireless signal coverage of the encryption lock, the lock can no longer detect the wireless signal of the USB transceiver and therefore cannot establish a wireless connection with it; when the encryption lock internally determines that it has been unable to connect to a USB transceiver for more than 10 minutes, it assumes the away state and turns itself off by an internal command.
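The lock-side behaviour of Embodiment 2 (match against the stored identifier list, PIN authentication before any host interaction, automatic shut-off after 10 minutes without a matched transceiver) can be modelled as a small state machine. This is an added example, not code from the patent; the names `EncryptionLock` and `State`, the injected clock, the limit of three PIN failures, the persistent failure counter, and the choice to drop the authenticated session as soon as the link is lost are assumptions, and the sketch tracks a single link rather than the multiple channels the text allows.

```python
import hmac
from enum import Enum


class State(Enum):
    OFF = 0
    SCANNING = 1       # powered on, no matched transceiver linked
    LINKED = 2         # wireless link up, PIN not yet verified
    AUTHENTICATED = 3  # host requests are served


class EncryptionLock:
    IDLE_TIMEOUT_S = 10 * 60  # Embodiment 2: 10 minutes without a matched transceiver
    MAX_PIN_FAILURES = 3      # assumption: the text gives no retry limit

    def __init__(self, matched_ids, pin, clock):
        self._matched = frozenset(matched_ids)
        self._pin = pin.encode()
        self._clock = clock   # injected so the timeout can be tested
        self._failures = 0    # assumption: counter survives power cycles
        self._last_seen = 0.0
        self.state = State.OFF
        self.peer = None

    def power_on(self):
        self.state, self.peer = State.SCANNING, None
        self._last_seen = self._clock()

    def power_off(self):
        self.state, self.peer = State.OFF, None

    def scan(self, detected_ids):
        """One detection pass (steps 3-7). Returns the linked peer or None."""
        if self.state is State.OFF:
            return None
        now = self._clock()
        if self.peer in detected_ids:      # existing link still in range
            self._last_seen = now
            return self.peer
        # Link lost or never made: drop any authenticated session first.
        self.state, self.peer = State.SCANNING, None
        for dev_id in detected_ids:        # try detected signals one by one
            if dev_id in self._matched:
                self.state, self.peer = State.LINKED, dev_id
                self._last_seen = now
                return dev_id
        if now - self._last_seen > self.IDLE_TIMEOUT_S:
            self.power_off()               # treated as "user has left"
        return None

    def authenticate(self, pin):
        """Steps 8-9: PIN check, only over a link to a matched transceiver."""
        locked = self._failures >= self.MAX_PIN_FAILURES
        if self.state is not State.LINKED or locked:
            return False
        if hmac.compare_digest(pin.encode(), self._pin):
            self.state, self._failures = State.AUTHENTICATED, 0
            return True
        self._failures += 1
        return False

    def serves_host(self):
        return self.state is State.AUTHENTICATED
```

Because the session is dropped when the matched transceiver goes out of range, a host that reconnects within the 10-minute window must present the PIN again before `serves_host()` returns true.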
The foregoing describes only preferred embodiments of the present invention and is not intended to limit its scope. Any modification, equivalent substitution, or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.