CN105243341A - Information security electronic equipment and application architecture - Google Patents

Publication number: CN105243341A
Application number: CN201510413949.9A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 杨筑平, 周跃平 (the other inventors requested that their names not be disclosed)
Current and original assignee: Shenzhen Kingluckcn Technology Co Ltd (as listed by Google Patents, which has not performed a legal analysis of the assignee list)
Legal status: Pending (as listed by Google Patents; an assumption, not a legal conclusion)
Prior art keywords: mode, normal mode, safe mode, security, secure

Classifications
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information, operating in dual or compartmented mode, i.e. at least one secure mode (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/70; G06F21/71)
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities (under G06F21/00; G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems)
Abstract

The invention discloses an information security electronic device and an application architecture, in the technical fields of electronics, communications, software and information security. Typical devices, including computers, communication terminals and smart wearables, have a normal mode and a secure mode that run in parallel, each with its own processor running in its own address space, while sharing input/output components. The device contains an electronic switching mechanism controlled from the secure mode; it performs circuit selection synchronously on the group of key signal lines of a target input/output component, so that the component is exclusively connected to either the normal mode or the secure mode. The two modes cooperate through linkage, a confidentiality collaboration framework and transparent switching. The application architecture consists of a normal module and a secure module that are installed and run separately in the two modes; they cooperate through linkage, build the confidentiality collaboration framework, and drive the electronic switching mechanism to switch the target input/output component transparently. Embodiments give a secure computer, a secure mobile device, and architectures for file handling, electronic banking and WeChat. Sharing and switching within the device architecture is thus brought under control, which is expected to break through the information security bottleneck of computers and mobile phones and to let device manufacturers profitably participate in derived value-added services.

Description

Information security electronic equipment and application architecture
Technical field
The present invention relates to the technical fields of electronics, communications, software and information security.
Background technology
With the growing intelligence and networking of electronic devices (computers, tablets, mobile phones, wearables and so on) and the spread of applications of every kind, information security problems become more prominent every day. Because a device runs applications in an open environment, system vulnerabilities, virus code and spyware change shape as elusively as ghosts; theft of secrets and fraud occur frequently, causing losses to users and even endangering national security. On the other hand, device manufacturers face vicious price competition in the product market and hardware margins are generally low, while application service providers keep profiting from derived value-added services; this unfair distribution within the industry may hinder the healthy development of advanced manufacturing.
To solve the information security problems of electronic devices, most technical solutions work at the application software level: vulnerability scanners, anti-virus software, security helper programs, secure desktop programs, network access management and information leakage protection systems have appeared in large numbers and are in use, yet the information security situation remains severe. Even when a trusted operating system is built and adopted, information security remains a problem as long as hardware support and secure applications are missing. The key to solving the problem still lies in more complete solutions at the system and hardware level. "Data security management system and method" (Chinese invention patent application No. 201210042754.4) proposes a first system that has management authority and an input device displaying an input interface, a second system running a security mechanism, and a separate switch that transfers management authority from the former to the latter; the first system sends the layout information of the input interface and the characteristics of the input device to the second system, which receives input data from the input device and decodes it according to the layout information and device characteristics. Its limitation is that, besides the ordinary first system and the secure second system, a third-party switch is needed to switch between them, so seamless, user-transparent operation is hard to achieve in practice; it addresses the consistency of handing over input data between the two systems, but gives no security technique for sharing the input device, does not cover other inputs, and does not touch on the security of output at all.
"System for managing secure and non-secure applications on one microcontroller" (Chinese invention patent application No. 201380016147.3) proposes interconnecting multiple processors and the access components of a shared memory space through an interconnect matrix and a fabric interface (connecting the main peripherals), cooperating with a security isolation unit for the memory, and thereby managing secure and non-secure applications. Its limitation is that it is an electronic microcontroller system in which the key security isolation unit merely partitions protected address ranges on top of shared memory and enforces access to the memory space through filters and comparators, which in turn determines the accessibility of the main peripherals. "Mobile terminal and method and device for accessing data under its dual systems" (Chinese invention patent application No. 201410369962.4) proposes that the current operating system, following an application sharing instruction, shares an application from the first operating system to the second, then switches the current operating system from the first to the second, allowing the application to access data extracted from both operating systems. Its limitation is that it is conceived as a soft switch rather than hard isolation: a malicious program that is mistakenly shared can likewise cross both operating systems, so dual-system data access is not made any safer.
"Dual-system terminal supporting seamless switching" (Chinese invention patent application No. 201310342622.8) proposes a non-smart subsystem and a smart subsystem with independent hardware that share the radio module, screen, voice and related I/O interface devices; the former stays running for secure calls and SMS, and a hardware switch key completes the switching between them. Its limitation is that the two phone systems run simultaneously but in mutual isolation, losing any useful association, so the user can only use them separately; and switching is only possible through the hardware key, which again creates a gap in use. "Dual-machine computer system for protecting information security" (Chinese invention patent application No. 201210230923.7) proposes two subsystems in one computer, connected to peripherals through a shared switch controller, and connected to the external network and the intranet through an input gateway and an output gateway respectively. Its limitation is that the two isolated machines are loosely integrated and the two subsystems can only be used separately, unrelated to each other. "Single-motherboard dual-independent security computer system" (Chinese invention patent No. 201010556826.8) proposes two hardware systems on one PCB, each with its own independently operating CPU and other modules, sharing the display, keyboard, mouse and other human-machine interfaces with the outside world through a smart switching module under key control. Its limitation is that, although compactly integrated, the two hardware systems can still only be used separately and unrelated to each other.
To escape the predicament of ever-shrinking product hardware margins, device manufacturers have, on the one hand, started to seek application services led by their own products, or to cooperate with specific application distribution service providers, hoping to profit from derived value-added services; on the other hand, some device manufacturers have been found to secretly use technical means against applications distributed by non-partner providers, randomly obstructing them with some probability at download, installation or run time so that the application fails for no apparent reason. The problem is that this covert, unilateral interference, even if it is clearly a move made under pressure, clearly lacks legitimacy and is also unfair to the user.
Summary of the invention
The present invention proposes an information security electronic device that improves the information security functions and uses of electronic devices through combined system and hardware measures. Typical information security electronic devices are, first, computers such as servers, desktops, notebooks and tablets; second, communication terminals such as landline telephones, mobile phones (cell phones) and tablet information terminals; third, smart wearable devices such as smart watches, wristbands, bracelets and glasses. There may also be electronic information devices of other names and forms; their basic common feature is that they communicate with the outside world and can be networked. The basic hardware of the device includes, but is not limited to, processors/controllers, memory and input/output components. There are multiple (two or more) processors/controllers, so the device is a multiprocessor/multicontroller system; memory includes internal memory (dynamic or static) and may include external storage (hard disk, flash); input/output components, meaning both ports and devices, are chosen according to the device's purpose: optional input components include keyboard and mouse, touch screen, microphone, camera, fingerprint reader, motion sensor and geolocator (GPS, BeiDou), optional output components include display, screen, projector, loudspeaker and vibrator, and optional input/output components include communication parts (wireless, wired, short-range, long-distance) and external removable storage (USB flash drive, portable hard disk).
The system of the device comprises two subsystems that are independent both in construction and in operation. One is the normal subsystem: its processor(s)/controller(s) and memory run an untrusted operating system (a trusted one is also possible) and, on top of it, normal applications (or modules); because it is open (the operating system is untrusted, application behaviour is uncontrolled, networking and downloads are unrestricted, external communication is not encrypted, and so on), it is not secure enough. The other is the secure subsystem: its processor(s)/controller(s) and memory run a trusted operating system, or not a full operating system but a dedicated core control program, and on top of it secure applications (or modules); because it is closed (the operating system or core control program is trusted, applications are authenticated, networking and downloads are controlled or prohibited, external communication is encrypted, and so on), it is more secure.
Accordingly, on the basis of these two subsystems, the architecture and operating mechanism of the device comprise a normal mode and a secure mode that run in parallel. The normal mode performs the device's intended functions in an open system environment (providing the main user interface, computing and communicating); the secure mode performs security and confidentiality functions in a closed system environment (identification/authentication, data encryption/decryption, digital signing/verification, electronic payment/authorization, and so on) and optionally part of the functions of the normal mode. The two modes have independent processors/controllers running in independent memory address spaces, exchange messages internally with each other, and share some or all of the input/output components. In particular, the device also contains an electronic switching mechanism that optionally switches the internal connection of a shared input/output component between the normal mode and the secure mode. The electronic switching mechanism is controlled by the secure mode and performs circuit selection synchronously on the group of key signal lines of the target input/output component, so that the target component is actually connected to, and works exclusively in, either the normal mode or the secure mode.
The device lets the normal mode and the secure mode share input/output components, both to keep product cost down and to meet the device's information security needs. Which components need to be shared depends on the security functions required of the actual device. The electronic switching mechanism consists mainly of a series of electronic switches that implement switching at the circuit level. Examples of electronic switch ICs: among digital circuits, buffers/drivers/receivers with TTL-level three-state outputs (SN74125, SN74126, SN74425, SN74426, SN74LS367A, SN74LS368A, SN74LS240, SN74LS241, SN74LS244), bus transceivers (SN74LS242, SN74LS243, SN74LS245), data selectors/multiplexers (SN74LS257, SN74LS258) and so on; among analog circuits, the CD series (CD4051, CD4052, CD4053), the DG series (DG211, DG212, DG411, DG412, DG413, DG308B, DG309B, DG444, DG445, DG441883) and the MAX series (MAX4610, MAX4611, MAX4612, MAX4661, MAX4662, MAX4663), as well as ICs of other models and performance. Each electronic switch IC generally contains several (for example 3 or 4) digitally controllable switch channels. Each channel switches one circuit, and an input/output component usually has several circuits: the PS/2 keyboard/mouse interface, a typical input component, has 6 TTL signal lines (clock, data, power and 2 reserved), so several switch channels are needed. Power and ground are normally circuits shared throughout the device and need not be switched, unless the power supply itself must be controlled (for example to imitate plugging and unplugging a USB device). Data lines, clock lines, control lines and status lines are the key signal lines of a component (for the keyboard interface, clock and data form one group of key signal lines) and must be switched as a group.
The circuit switching of the key signal line group of each target component should be synchronous (that is, consistent and simultaneous; in special cases it may be deliberately staged) so as to avoid interference and failure. A design that tries to evade the synchronous switching of the invention by deliberately switching the lines step by step should still be regarded as synchronous switching in the sense of the invention as long as it does not impair the effectiveness of the switch. When a digital electronic switch is used to switch a given line of a given component, the signal type (limited to digital quantities such as TTL levels) and the input/output direction of the target line must be observed to avoid errors, and bidirectional lines may also require changes to the device driver; an analog switch suits both digital and analog quantities (audio and video signals) without regard to signal type or direction, and is simpler to apply. In general, a digitally controlled analog switch (CD4053, MAX4611) is the better choice for switching the signal lines of input/output components, while electrical characteristics such as voltage, current and delay must be chosen from a specific analysis of the target circuit. The node at which the switch is inserted into the signal circuit may be the start node (at the keyboard interface socket) for simplicity, or an economical node (the output line of a fingerprint reader module) for savings.
The electronic switching mechanism must be placed under the control of the secure mode and must not be controllable from the normal mode; otherwise a malicious process in a normal application could use it to deceive the user. The electronic switching mechanism performs circuit selection synchronously on the key signal line group of each target component, so that at any moment the component is actually connected to and working in the normal mode (with its connection to the secure mode cut off) or in the secure mode (with its connection to the normal mode cut off). In other words, the controlled switching is exclusive: connecting one mode means disconnecting the other. If the electronic switching mechanism uses a dedicated processor/controller for independent control, that processor/controller should be regarded as belonging to the secure mode.
In the device, private data requiring confidentiality (contact lists, bank account numbers, web application accounts, sensitive files and so on) must be stored encrypted (as ciphertext) if it is kept in the normal mode; if it is kept in the secure mode, it may be stored as plaintext or ciphertext. The principle of confidentiality is, first, encrypt before saving; second, decrypt after reading; and third, execute the cryptographic algorithms for both operations sealed inside the secure mode. Private data in the device, throughout its life cycle including use and processing, is therefore sealed from the outside, and even a malicious process hiding in the normal mode cannot steal its content.
As the principal feature of the device, the normal mode and the secure mode cooperate through linkage, build a confidentiality collaboration framework and switch the target input/output component transparently, comprising the following steps:
(1) the normal mode sends a function request to the secure mode;
(2) the secure mode receives the function request from the normal mode; optionally, the secure mode checks a preset security policy to decide whether to accept it;
(3) the secure mode controls the electronic switching mechanism to switch the target input/output component so that it is connected to the secure mode;
(4) the secure mode processes the function request, including the confidential operations; during this, the secure mode and the normal mode optionally exchange data as ciphertext;
(5) the secure mode controls the electronic switching mechanism to switch the target input/output component so that it is connected to the normal mode;
(6) the secure mode sends the processing result to the normal mode and then waits for the next function request;
(7) the normal mode receives the result from the secure mode and performs the subsequent processing.
The above steps are not fixed; for example, swapping the order of steps (5) and (6) makes no difference.
Linkage cooperation means that, to achieve an intended functional goal, the normal mode and the secure mode cooperate on their respective independent foundations, interact by exchanging messages internally, and work together to produce the expected functional effect. The confidentiality collaboration framework, as the steps above show, is the protocol flow framework in which the two modes collaborate whenever the normal mode, in the course of processing, needs the secure mode to perform a confidential function; the kinds and number of target input/output components to switch, the data content and the processing requirements differ according to the intended functional goal. Transparent switching means that the normal mode and the secure mode switch spontaneously in collaboration, automatically switching the target input/output components required for security and confidentiality, with no deliberate extra switching operation by the user. The order of the steps above also expresses the meaning of transparent switching.
In the device, the sharing of input/output components is controlled sharing, placed under secure mode control; every input/output component shared by the normal mode and the secure mode should be switchable by selection through the electronic switching mechanism. For ease of management, the selection may be itemised by functional category (distinguishing components one by one) or grouped by functional category (grouping related components by purpose). Such itemised and grouped selection can, on the one hand, be abstracted into an application programming interface for switching under secure mode control, designed and implemented so that secure applications call it to realise predetermined security functions and transparent switching calls it as well, thereby promoting standardisation and generality; on the other hand, it can be presented in the human-machine interface under the secure mode, so that the user can operate and manage it to reach the intended security purpose and also experience a sense of autonomous, safe control.
In the device, to improve security, a security policy may be preset to constrain the step flow of the confidentiality collaboration framework. The policy may include time and/or geographic constraints, so that the device can, or cannot, perform the function within a specific time range and/or territory; it may also include constraints on the identity of the communicating party (telephone number, login name, device address, site address and so on), so that the device can, or cannot, perform the function for specific persons or devices.
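The seven-step flow, the secure-mode-only control of the switching mechanism and the preset security policy are described above in prose only. The following Python model is an added example written for this page, not code from the patent or its assignee. It assumes one digitally controlled analog switch channel per key signal line (the page names the CD4053 as one suitable part), a key signal line group per shared component (the PS/2 clock/data pair is the page's own example; the display line names are invented), a policy made of a time window plus a whitelist of communicating parties, and a "confidential operation" that is an HMAC-SHA256 authorization of a payment whose key exists only inside the secure mode; all names, the payee identifiers and the timestamps are constructed for the example.

```python
import hashlib
import hmac
from datetime import datetime, time
from enum import Enum


class Mode(Enum):
    NORMAL = "normal"
    SECURE = "secure"


# Key signal line groups of the shared components.  The PS/2 group (clock, data)
# is the page's own example; the display line names are assumed.  Power and
# ground are shared throughout the device and are never switched.
KEY_SIGNAL_LINES = {
    "keyboard": ("clk", "data"),
    "display": ("lvds0", "lvds1", "lvds2", "lvds_clk"),
}


class SwitchMechanism:
    """One digitally controlled analog switch channel (e.g. one third of a CD4053)
    per signal line.  A whole group is re-selected in one assignment, so the
    component is never observed half-switched (synchronous switching), and every
    line is connected to exactly one mode at a time (exclusivity)."""

    def __init__(self):
        self.select = {c: {l: Mode.NORMAL for l in ls} for c, ls in KEY_SIGNAL_LINES.items()}
        self.log = []  # (component, mode) in the order the switches were driven

    def route(self, component, target, caller):
        if caller is not Mode.SECURE:  # the page's rule: never controllable from normal mode
            raise PermissionError("switching mechanism is controllable only from secure mode")
        self.select[component] = {l: target for l in KEY_SIGNAL_LINES[component]}
        self.log.append((component, target))

    def connected_to(self, component):
        states = set(self.select[component].values())
        if len(states) != 1:
            raise RuntimeError("key signal line group partially switched")
        return states.pop()


class SecurityPolicy:
    """Preset policy: a permitted time window and a whitelist of communicating parties."""

    def __init__(self, window, allowed_payees):
        self.window, self.allowed_payees = window, frozenset(allowed_payees)

    def allows(self, request, now):
        start, end = self.window
        if not start <= now.time() <= end:
            return False, "outside permitted time window"
        if request["payee"] not in self.allowed_payees:
            return False, "payee not in identity whitelist"
        return True, "ok"


class SecureMode:
    """Runs steps (2) to (6).  The authorization key exists only in this object."""

    def __init__(self, switch, policy, key):
        self._switch, self._policy, self._key = switch, policy, key

    def _tag(self, payee, amount):
        return hmac.new(self._key, f"{payee}:{amount}".encode(), hashlib.sha256).hexdigest()

    def handle(self, request, now):
        allowed, reason = self._policy.allows(request, now)                # step (2)
        if not allowed:
            return {"ok": False, "reason": reason}
        for c in request["components"]:                                    # step (3)
            self._switch.route(c, Mode.SECURE, caller=Mode.SECURE)
        # step (4): the confirmation prompt is shown and answered only while the
        # user-facing components belong to secure mode, so normal mode cannot spoof it.
        assert all(self._switch.connected_to(c) is Mode.SECURE for c in request["components"])
        tag = self._tag(request["payee"], request["amount"])
        for c in request["components"]:                                    # step (5)
            self._switch.route(c, Mode.NORMAL, caller=Mode.SECURE)
        return {"ok": True, "authorization": tag}                          # step (6)

    def verify(self, payee, amount, tag):
        return hmac.compare_digest(self._tag(payee, amount), tag)


class NormalMode:
    """Runs steps (1) and (7): sends the request, receives the result."""

    def __init__(self, secure):
        self._secure = secure

    def pay(self, payee, amount, at):
        request = {"payee": payee, "amount": amount, "components": ("display", "keyboard")}
        return self._secure.handle(request, datetime.fromisoformat(at))   # steps (1), (7)


def build_device(key=b"constructed demo key"):
    switch = SwitchMechanism()
    policy = SecurityPolicy(window=(time(8, 0), time(22, 0)), allowed_payees={"shop-a"})
    secure = SecureMode(switch, policy, key)
    return switch, secure, NormalMode(secure)
```

Calling `build_device()` and then `normal.pay("shop-a", 4200, "2015-07-15T10:30:00")` returns an authorization tag, leaves both components routed back to the normal mode, and records the switch log in the order display/keyboard to secure, then display/keyboard back to normal; a request outside the time window or to an unlisted payee is refused at step (2) before any switch is driven, and any attempt to call `route()` with `caller=Mode.NORMAL` raises instead of moving a single line.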
The present invention also proposes an information security application architecture, a framework for creating and/or deploying secure applications for an information security electronic device. The secure application framework comprises a normal module and a secure module, installed and run respectively in the normal mode and the secure mode of the device, to realise the application's predetermined processing functions. The normal module performs the basic functions (providing the main user interface, computing and communicating); the secure module performs the security and confidentiality functions (identification/authentication, data encryption/decryption, digital signing/verification, electronic payment/authorization and so on) and, in particular, drives the electronic switching mechanism, which performs circuit selection synchronously on the key signal line group of the target input/output component so that the target component is exclusively connected to either the normal mode or the secure mode. The normal module and the secure module in the framework cooperate through linkage, build the confidentiality collaboration framework and switch the target input/output component transparently. This constitutes the principal feature of the framework.
Linkage cooperation, the confidentiality collaboration framework and transparent switching in the framework have the same meanings as in the device described above. It must also be stated that the framework applies not only to the present device but also to integrated combinations of equipment which, like the present device, keep the normal mode, the secure mode and the electronic switching mechanism at least equally separated.
A secure application under the framework, with its secure module running on the trusted operating system or core control program of the device's secure mode, can realise a specific security function by choosing a particular combination of related input/output components as the switching target. Several cases follow:
In the first case, the touch screen (for example of a mobile phone), or the projection screen control (for example of a smart wearable), or the display plus keyboard and mouse (for example of a computer) is the basic choice of target input/output components, in order to protect the confidentiality of file data and communication information, or to secure transaction payments and business processing, in the secure mode. Touch, keyboard and mouse are basic input components; screen, display and projector are basic output components. When the user opens a confidential file in the normal mode, the secure application first passes the file's ciphertext to the secure mode through the internal exchange; the secure mode switches the basic input/output components to itself, then decrypts the file to recover the original text, and the user can read, view and edit its contents. When the user creates a new confidential file, the secure application first ensures that the basic input/output components are switched to the secure mode, so the user actually works in the secure mode; on saving, the secure module first encrypts the file to produce its ciphertext, which is then passed to the normal mode through the internal exchange for storage. Likewise, for communication information (contacts, call logs, SMS, instant messaging and social information), when the user chooses confidentiality, the secure application also switches the basic input/output components to the secure mode for the user to search, consult and edit securely. For transaction payments (for example online shopping and online banking payments) and other business processing, the secure application, at the key points of the business flow such as identity authentication and confirmation, likewise first switches the basic input/output components to the secure mode, ensuring that the user actually operates in the secure mode. In this way, even if a malicious process exists in the normal mode, it poses no real threat to the user's operations in the secure mode.
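The storage rule stated earlier (encrypt before saving, decrypt after reading, both operations sealed inside the secure mode, only ciphertext ever held in the normal mode) and the confidential-file flow of the first case above are illustrated by the following Python example. It is an added example, not code from the patent or its assignee. The cipher is a stand-in built from the standard library (a SHA-256 keystream in counter mode with encrypt-then-MAC under HMAC-SHA256) so that the example runs offline; a real secure module would use a vetted authenticated cipher such as AES-GCM. The master key, file name and contact record are constructed for the example, and the I/O switching that the device performs around the user's editing is left out so that only the sealing discipline is shown.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


class SecureMode:
    """Holds the sealing key.  Normal mode only ever sees seal()/unseal(), never the key."""

    def __init__(self, master_key):
        # Separate keys for confidentiality and integrity, both derived in secure mode.
        self._enc_key = hashlib.sha256(b"enc|" + master_key).digest()
        self._mac_key = hashlib.sha256(b"mac|" + master_key).digest()

    def _keystream(self, nonce, length):
        # SHA-256 in counter mode as an illustrative keystream (stand-in for a real cipher).
        out = bytearray()
        for counter in range((length + 31) // 32):
            out += hashlib.sha256(self._enc_key + nonce + counter.to_bytes(4, "big")).digest()
        return bytes(out[:length])

    def seal(self, plaintext):
        """Encrypt before saving: nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
        nonce = os.urandom(NONCE_LEN)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, blob):
        """Decrypt after reading; refuse anything that was altered outside secure mode."""
        if len(blob) < NONCE_LEN + TAG_LEN:
            raise ValueError("sealed blob too short")
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed: ciphertext was modified outside secure mode")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))


class NormalMode:
    """Untrusted side: its storage holds only sealed blobs."""

    def __init__(self, secure):
        self._secure = secure
        self.storage = {}

    def save_confidential(self, name, plaintext):
        # In the device the plaintext is produced while screen and keyboard are switched
        # to secure mode; here it is simply handed to seal() and only the result is kept.
        self.storage[name] = self._secure.seal(plaintext)

    def open_confidential(self, name):
        return self._secure.unseal(self.storage[name])


def build(master_key=b"constructed demo master key"):
    secure = SecureMode(master_key)
    return secure, NormalMode(secure)


def roundtrip(plaintext):
    """Save, then reopen: returns what the user gets back."""
    _, normal = build()
    normal.save_confidential("contacts.txt", plaintext)
    return normal.open_confidential("contacts.txt")


def plaintext_leaks(plaintext):
    """True if the secret is visible anywhere in normal-mode storage."""
    _, normal = build()
    normal.save_confidential("contacts.txt", plaintext)
    return plaintext in normal.storage["contacts.txt"]


def tamper_detected(plaintext):
    """Flip one ciphertext bit in normal-mode storage; True if unseal() refuses it."""
    _, normal = build()
    normal.save_confidential("contacts.txt", plaintext)
    blob = bytearray(normal.storage["contacts.txt"])
    blob[NONCE_LEN] ^= 0x01
    normal.storage["contacts.txt"] = bytes(blob)
    try:
        normal.open_confidential("contacts.txt")
        return False
    except ValueError:
        return True
```

`roundtrip()` returns the record unchanged, `plaintext_leaks()` confirms that nothing readable sits in normal-mode storage, and `tamper_detected()` shows why the integrity tag matters: a malicious process in the normal mode can still overwrite ciphertext it cannot read, and the secure mode must refuse such data rather than decrypt it into garbage.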
Second case is using Fingerprint Identification Unit and the camera combination option as target inputoutput unit, to scheme the privacy protecting identification biological characteristic in the secure mode.The face information of the finger print information that Fingerprint Identification Unit gathers and camera picked-up is all the identification biological attribute data of people, if in normal mode, its collection capture process and storage are all easily stolen by potential malicious process during transmitting; And in the secure mode, Fingerprint Identification Unit and camera are all switched to be communicated with and work in safe mode, then the collection capture process of fingerprint and face information and storage space all arrange in the secure mode, just can protect the privacy of identification biological characteristic.
The third situation is using microphone, speaker and the camera combination option as target inputoutput unit, to scheme to realize maintaining secrecy of voice and video call in the secure mode.If in normal mode, voice and video call all may be recorded snugly by potential malicious process and forward and give away secrets; And in the secure mode, microphone, speaker and camera are all switched to be communicated with and work in safe mode, then voice and video call is carried out all in the secure mode, even if need through normal mode communications voice and video data, also be all in the secure mode, before transmission, our data encryption is exchanged, and after reception, the other side's data deciphering is play, so just can realize maintaining secrecy.
The fourth situation takes the microphone, camera and locator as a combined option for the target input/output units, with the aim of avoiding, in safe mode, the risk of being eavesdropped on, photographed covertly or tracked. In normal mode, a potential malicious process can covertly switch on the microphone, camera and locator, record background sound, surrounding images and the geographic location, and forward them at any time, so the user is eavesdropped on, photographed covertly and tracked; in safe mode, the microphone, camera and locator are all switched to be connected to, and work in, safe mode, so such risks can be controlled and avoided.
The fifth situation takes the communications unit as a reserved option for the target input/output units, with the aim of isolating normal mode from external communication while in safe mode, and even of carrying out confidential communication directly. In normal mode, a potential malicious process can covertly contact the outside world at any time and at will, for example by secretly connecting to the network, secretly dialling, secretly sending short messages and running up charges; in safe mode, the communications unit is switched to be connected to, and work in, safe mode, which isolates normal mode from external communication and, if necessary, also allows confidential communication to be carried out directly.
The security application of the architecture of the present invention is not limited to the above five situations when selecting which target input/output units to switch; other selections can be implemented flexibly according to actual needs.
Although the security application of the architecture of the present invention, and especially its security module, can be fixed into the information security device in advance, it is still necessary to provide a secure download and installation mechanism, so that future upgrades and extensions can be served more flexibly and quickly. The concrete approach comprises the following steps:
(1) the application developer freezes the version of the application code file and applies a digital signature that guarantees copyright, generating the application installation file;
(2) the device manufacturer or its authorized organization, on the premise of verifying the copyright digital signature, first encrypts the application installation file and then applies a digital signature that guarantees distribution, generating the application release file;
(3) the user downloads the application release file to the device and installs and runs it;
(4) the safe mode of the device, on the premise of verifying the distribution digital signature, decrypts the application release file and then installs it.
In the above steps, the digital signatures guarantee the integrity and consistency of the application files, and the encryption protects the application code from being cracked by reverse engineering. Hence the distribution and deployment of the security application of the architecture of the present invention is also secure and controlled. With good reason for security, this also positions a new role for the device manufacturer or its authorized organization, which both takes on the responsibility of examining or certifying the security of applications and gains the means to control application release. For the device user, this has only positive effects and no negative effects.
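As an added example (not the patent's own code), the four-step release pipeline above implemented in Go with the standard library: RSA-PSS over SHA-256 for both the copyright and the distribution signature, AES-GCM for the manufacturer's encryption step, and a device key assumed to be provisioned to safe mode beforehand; the key pairs, the code image and all function names are constructed for the illustration.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// InstallFile is the step (1) installation file: the code image plus the developer's
// signature over it (the copyright signature).
type InstallFile struct{ Code, DevSig []byte }

// ReleaseFile is the step (2) release file: the installation file encrypted under a
// device key, plus the manufacturer's signature over nonce||ciphertext (the
// distribution signature).
type ReleaseFile struct{ Nonce, Ciphertext, DistSig []byte }

func sign(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

func verify(pub *rsa.PublicKey, data, sig []byte) error {
	h := sha256.Sum256(data)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// concat returns a||b in fresh storage, so neither input's backing array is touched.
func concat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

// ManufacturerRelease is step (2): verify the copyright signature first, then encrypt
// and sign. The developer signature has a fixed length (the RSA modulus size), so
// code||sig can be split again later without a length prefix.
func ManufacturerRelease(devPub *rsa.PublicKey, mfr *rsa.PrivateKey, devKey []byte, in *InstallFile) (*ReleaseFile, error) {
	if err := verify(devPub, in.Code, in.DevSig); err != nil { return nil, fmt.Errorf("copyright signature rejected: %w", err) }
	gcm, err := newGCM(devKey)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	ct := gcm.Seal(nil, nonce, concat(in.Code, in.DevSig), nil)
	sig, err := sign(mfr, concat(nonce, ct))
	if err != nil { return nil, err }
	return &ReleaseFile{Nonce: nonce, Ciphertext: ct, DistSig: sig}, nil
}

// DeviceInstall is step (4), run in safe mode: check the distribution signature before
// touching the ciphertext, decrypt, re-check the copyright signature on the recovered
// code, and only then release the code for installation.
func DeviceInstall(mfrPub, devPub *rsa.PublicKey, devKey []byte, rel *ReleaseFile) ([]byte, error) {
	if err := verify(mfrPub, concat(rel.Nonce, rel.Ciphertext), rel.DistSig); err != nil { return nil, fmt.Errorf("distribution signature rejected: %w", err) }
	gcm, err := newGCM(devKey)
	if err != nil { return nil, err }
	plain, err := gcm.Open(nil, rel.Nonce, rel.Ciphertext, nil)
	if err != nil { return nil, fmt.Errorf("decryption failed: %w", err) }
	n := devPub.Size()
	if len(plain) < n { return nil, fmt.Errorf("installation file too short") }
	code, devSig := plain[:len(plain)-n], plain[len(plain)-n:]
	if err := verify(devPub, code, devSig); err != nil { return nil, fmt.Errorf("copyright signature rejected after decryption: %w", err) }
	return code, nil
}

// RunPipeline runs steps (1) to (4) end to end on a code image, then reports what the
// device says about a copy of the release file in which one ciphertext byte was altered.
func RunPipeline(code []byte) (installed []byte, tamperErr error, err error) {
	dev, err := rsa.GenerateKey(rand.Reader, 2048) // developer key (constructed)
	if err != nil { return nil, nil, err }
	mfr, err := rsa.GenerateKey(rand.Reader, 2048) // manufacturer release key (constructed)
	if err != nil { return nil, nil, err }
	devKey := make([]byte, 32) // device key assumed to be provisioned to safe mode
	if _, err := rand.Read(devKey); err != nil { return nil, nil, err }
	in := &InstallFile{Code: code} // step (1): freeze the code and sign it
	if in.DevSig, err = sign(dev, code); err != nil { return nil, nil, err }
	rel, err := ManufacturerRelease(&dev.PublicKey, mfr, devKey, in)
	if err != nil { return nil, nil, err }
	installed, err = DeviceInstall(&mfr.PublicKey, &dev.PublicKey, devKey, rel)
	if err != nil { return nil, nil, err }
	bad := &ReleaseFile{Nonce: rel.Nonce, Ciphertext: concat(nil, rel.Ciphertext), DistSig: rel.DistSig}
	bad.Ciphertext[0] ^= 1 // one flipped byte: the distribution signature fails before any decryption
	_, tamperErr = DeviceInstall(&mfr.PublicKey, &dev.PublicKey, devKey, bad)
	return installed, tamperErr, nil
}

func main() {
	code := []byte("constructed application code image v1.0")
	installed, tamperErr, err := RunPipeline(code)
	if err != nil { panic(err) }
	fmt.Println("installed intact:", string(installed) == string(code), "| tampered release:", tamperErr)
}
```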
The beneficial effects of the present invention are to provide an information security electronic device architecture and an information security application architecture which, relying on the controlled, shared switching of input/output units between normal mode and safe mode, on the interlocked cooperation of the two modes, and on confidential collaboration and transparent switching, provide an effective and reliable security mechanism for all kinds of electronic information devices. They can advance the information security technology of electronic devices, and are especially expected to break through the long-standing information security bottleneck of computers and mobile phones. At the same time, they give electronic information device manufacturers a favourable opportunity to engage legitimately in related derivative value-added services and even to take part in rule-making, which can both increase profits and sustainable development and promote industrial security applications and the protection of user interests.
Description of the drawings
Fig. 1 is the schematic diagram of the device of the present invention. In the complete device architecture, normal mode (1) is an independent subsystem with its own processor/controller (11) and memory (12), on which an untrusted operating system (13) runs, and on top of that the conventional applications (14); safe mode (2) is another independent subsystem, which also has its own processor/controller (21) and memory (22), on which a trusted operating system (23) runs, with a key unit (24) and a switch unit (25) above it, and which runs the security application (26). Normal mode (1) and safe mode (2) each have their own independent address space and run independently; an internal exchange between the two allows them to pass information to each other. A confidential collaboration framework is also built between the two modes, explained with Fig. 2 below. The separate inputs and outputs of the two modes (referred to as mode inputs/outputs) all have to pass through the electronic switching mechanism (3); only the inputs and outputs continued through it (referred to as switched inputs/outputs) are actually and exclusively connected to the input/output units (4), and the switching is actually controlled by the switch unit (25) in safe mode (2). The electronic switching mechanism (3) consists of a series of electronic switches (31), (32) ... (3n), where the ellipsis indicates that there may be more. Each electronic switch is a combined unit; all of them accept the actual control of the switch unit (25) in safe mode (2) to perform switching, and each switches one or more signal lines (the number of lines depends on the corresponding input/output unit). The input/output units (4) generally include touch control/keyboard and mouse (41), display/projection (42), communications (4n), which can perform external communication, and so on, where the ellipsis indicates that there may be other input/output units. Each input/output unit that needs to be switched and shared corresponds to one electronic switch; for example, touch control/keyboard and mouse (41) corresponds to electronic switch (31). Each switched input/output corresponds to a pair of mode inputs/outputs. For simplicity of representation, all inputs and outputs are drawn as double-headed arrow lines, but this does not exclude some inputs and outputs actually being unidirectional, such as the audio signal line input of a microphone and the audio signal line output of a loudspeaker. Through the electronic switching mechanism (3), the input/output units (4) are shared in a controlled way by normal mode (1) and safe mode (2) to complete the corresponding input and output.
Fig. 2 is the association flow chart of the confidential collaboration framework in the device and architecture of the present invention. The left and right columns are the flows of the normal-mode process and the safe-mode process respectively, and the middle column indicates the direction of information flow between the two sides. On the left, when the normal-mode process needs confidential processing, it comes to the entry point and first sends a function request to the safe-mode process; optionally (dashed boxes indicate optional steps), if the data ciphertext (for example an address book) is kept in normal mode, it also submits the data ciphertext to the safe-mode process according to the agreed arrangement, and later takes back (receives and stores) the data ciphertext from the safe-mode process; then it waits to receive the result and, once complete, returns to subsequent processing. On the right, the safe-mode process starts and enters its service state, waiting to receive function requests from normal mode. After confirming that a request is valid, it optionally (dashed box) checks the preset security policy to decide whether to accept it: if refused, it goes straight to sending the processing result (for example an error code); if allowed, it cuts over (switches from normal mode to safe mode) the target IO (input/output) units. Then it carries out the function; optionally (dashed box), if the data ciphertext is kept in normal mode, it also fetches the data ciphertext from normal mode, decrypts and restores it for processing, re-encrypts it into ciphertext after modification, and hands the data ciphertext back to normal mode. When processing is done, it cuts back (switches from safe mode to normal mode) the target IO units and then sends the processing result to normal mode; finally it returns to waiting for the next function request, and so on round and round. If the data is kept in safe mode (as plaintext or ciphertext), the dashed-box operations on both sides for exchanging the data ciphertext can be omitted. In short, the target input/output units are switched over before the confidential processing and switched back after it is completed.
Fig. 3 and Fig. 4 are, respectively, the pin-out diagram and the logic diagram of the CD4053 electronic switch integrated circuit chip to be adopted in the embodiments of the present invention, taken from the chip manufacturer's published data; their technical content does not itself belong to the present invention and is quoted only to facilitate understanding of the composition and wiring of the electronic switching mechanism in the embodiments. The CD4053 is a triple 2-channel digitally controlled analog switch (single-pole double-throw), with three independent digital control inputs A, B, C and an INH input, which respectively select one of ax/ay, one of bx/by, one of cx/cy, and act as an inhibit input; its on-resistance and off-state leakage current are both low. Digital signals with an amplitude of 4.5 to 20 V can control analog signals of up to 20 V peak-to-peak. For example, with VDD = +5 V, VSS = 0 and VEE = -13.5 V, digital signals of 0 to 5 V can control analog signals of -13.5 to 4.5 V. These switch circuits have extremely low quiescent power dissipation over the whole VDD-VSS and VDD-VEE supply range, regardless of the logic state of the control signals. When the INH input is "1", all channels are off. When a control input (A, B or C) is at high level, the "0" channel is selected; otherwise the "1" channel is selected. Details of the truth table and electrical characteristics can be found in the chip's product data.
Fig. 5 is a schematic diagram of an embodiment of the device of the present invention. A MIC socket (non-standard connection), a keyboard socket (PS/2 standard interface) and a display socket (RGB D-type interface) serve as the input/output units. Four CD4053 chips C1, C2, C3 and C4 form the electronic switching mechanism; VDD (pin 16) is connected to the +5 V supply, and INH (inhibit, pin 6), the reference voltage VEE (pin 7) and VSS (pin 8) are all grounded at low level. Channel C of chip C1 (pins 3, 4, 5 and 9) switches the IN (audio input) signal line of the MIC socket, channel B (pins 1, 2, 10 and 15) switches the Clock signal line of the keyboard socket, and channel A (pins 11, 12, 13 and 14) switches the Data signal line of the keyboard socket. Channel C is selected separately (by control input C, pin 9), while channels B and A are selected synchronously (by control input B, pin 10, and control input A, pin 11, connected in parallel). Chips C2, C3 and C4 together switch the group of signal lines of the display socket (RGB D-type interface): the three channels A, B, C of C2 switch the R (red), G (green) and B (blue) video signal lines respectively; the three channels A, B, C of C3 switch the V-sync (vertical sync), Clock and Sense (host detection) signal lines respectively; and the two channels A, C of C4 (channel B is unused) switch the Data and H-sync (horizontal sync) signal lines respectively. The control inputs of the three channels of C2 and C3 (A, B, C: pins 11, 10, 9) and of the two channels of C4 (A, C: pins 11, 9) are connected in parallel, realizing synchronously selected, controlled switching of the 8 signal lines. Normal mode (1) and safe mode (2) each have signal line access points corresponding to the MIC socket, keyboard socket and display socket. In normal mode (1), KD0/KC0 correspond to the keyboard's Data/Clock, IN0 to the MIC's IN, R0/G0/B0/Sense0 to the display's R/G/B/Sense, and Clock0/V-sync0/H-sync0/Data0 to the display's Clock/V-sync/H-sync/Data. In safe mode (2), the symbols for the corresponding signal line access points are similar to those of normal mode (1), except that the subscript is 1 instead of 0; in addition, output line SM connects to pin 9 of C1 to control switching of the MIC socket, output line SK connects to pins 10 and 11 of C1 to control switching of the keyboard socket, and output line SD connects to pins 9, 10 and 11 of C2 and C3 and to pins 9 and 11 of C4 to control switching of the display socket. The control logic is that a low output switches to normal mode (1) and a high output switches to safe mode (2). In addition, a switch key K is provided specially for triggering from an external operation, forcing the input/output units to switch to safe mode (2), for example when the security policy needs to be set.
Fig. 6 is also a schematic diagram of an embodiment of the device of the present invention, and can be regarded as an extension supplementing Fig. 5. A USB socket (type A) serves as the input/output unit. One CD4053 chip C5 and one MAX4611 chip C6 form the electronic switching mechanism. The VDD, INH, VEE and VSS wiring of C5 is the same as in Fig. 5; its two channels A, C (channel B is unused) switch the D- and D+ signal lines respectively, and the control inputs of the two channels (A, C: pins 11, 9) are connected in parallel, realizing synchronously selected, controlled switching of the D- and D+ signal lines. The MAX4611 chip used for C6 is a 4-channel single-pole single-throw (SPST) digitally controlled analog electronic switch; for further details please refer to the related product specification data. The first channel of C6 (pins 1, 2, 13) is used to connect or disconnect the VBUS supply of the USB socket, and the other three channels are unused. Normal mode (1) and safe mode (2) each have signal line access points corresponding to the D- and D+ signal lines of the USB socket, with subscripts 0 and 1 respectively. In safe mode (2), output line SUD connects to pins 10 and 11 of C5 to control switching of the USB socket's data lines D- and D+, and output line SUV connects to pin 13 of C6 to control the USB socket's VBUS power supply. The control logic of SUD to C5 is that a low output switches to normal mode (1) and a high output switches to safe mode (2). The control logic of SUV to C6 is that a low output connects the VBUS supply and a high output cuts it off. VBUS is controlled independently so that, when the USB socket is switched to a different mode while an external USB device remains attached, an unplug/plug action is imitated automatically: the original mode recognizes that the USB device has been removed and is no longer available, and the new mode recognizes that the USB device has been attached and is available. The concrete switching control flow is illustrated in Fig. 7. The function of the external switch key K is the same as explained for Fig. 5.
Fig. 7 is the processing flow of the device of the present invention when switching the USB socket. Whether switching from normal mode to safe mode or from safe mode to normal mode, at the start of the switch the VBUS line is cut first (equivalent to powering off the USB socket), there is a short delay (for example 250 milliseconds), then the D+ and D- lines are switched synchronously to the new mode, there is another short delay (for example 250 milliseconds), and then the VBUS line is reconnected (equivalent to powering the USB socket). The two delays shown in dashed boxes in the figure can be merged into one, both kept, or both omitted. The purpose of the delays is to simulate the effect of a manual unplug and re-plug while a USB device is attached, so that the new mode recognizes it.
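As an added example (not from the patent), the Fig. 7 sequence written as firmware-style Go against an abstract pin interface: the SetSUD/SetSUV method names and the Recorder type are assumptions, and the recorder flags the condition the sequence exists to prevent, moving D+/D- while VBUS is still connected.

```go
package main

import (
	"fmt"
	"time"
)

// Mode is the subsystem the USB socket's D+/D- lines are routed to.
type Mode int

const (
	NormalMode Mode = iota // SUD low: CD4053 (C5) selects the normal-mode access points
	SafeMode               // SUD high: CD4053 (C5) selects the safe-mode access points
)

// Pins abstracts the two control lines of Fig. 6, driven by the switch unit in safe
// mode. The method names are assumptions; in firmware they would be GPIO writes.
type Pins interface {
	SetSUD(high bool) // data-line select: low = normal mode, high = safe mode
	SetSUV(high bool) // VBUS gate via the MAX4611 (C6): low = connected, high = cut
}

// SwitchUSB performs the Fig. 7 sequence. Both delays are parameters because the
// text allows them to be merged into one, both kept, or both dropped (pass 0).
func SwitchUSB(p Pins, target Mode, sleep func(time.Duration), beforeSwitch, afterSwitch time.Duration) {
	p.SetSUV(true) // cut VBUS: the attached device sees an unplug
	if beforeSwitch > 0 {
		sleep(beforeSwitch)
	}
	p.SetSUD(target == SafeMode) // move D+/D- to the new mode while the socket is unpowered
	if afterSwitch > 0 {
		sleep(afterSwitch)
	}
	p.SetSUV(false) // reconnect VBUS: the new mode sees a fresh plug-in
}

// Recorder is a constructed Pins implementation that logs every line change and
// flags the condition the sequence exists to prevent: D+/D- re-routed while VBUS
// is still connected (the new mode would then see no plug event at all).
type Recorder struct {
	Log             []string
	vbusCut         bool
	SwitchedPowered bool
}

func (r *Recorder) SetSUD(high bool) {
	if !r.vbusCut {
		r.SwitchedPowered = true
	}
	r.Log = append(r.Log, fmt.Sprintf("SUD=%d", bit(high)))
}

func (r *Recorder) SetSUV(high bool) {
	r.vbusCut = high
	r.Log = append(r.Log, fmt.Sprintf("SUV=%d", bit(high)))
}

func bit(b bool) int {
	if b {
		return 1
	}
	return 0
}

// Simulate runs the sequence against a Recorder with a fake clock that only adds up
// the requested delays. With powerCycle=false it does what the sequence is meant to
// rule out, moving D+/D- on a powered socket, so the Recorder's flag can be seen.
func Simulate(target Mode, powerCycle bool) (*Recorder, time.Duration) {
	rec := &Recorder{}
	var elapsed time.Duration
	sleep := func(d time.Duration) { elapsed += d }
	if powerCycle {
		SwitchUSB(rec, target, sleep, 250*time.Millisecond, 250*time.Millisecond)
	} else {
		rec.SetSUD(target == SafeMode)
	}
	return rec, elapsed
}

func main() {
	rec, elapsed := Simulate(SafeMode, true)
	fmt.Println(rec.Log, elapsed, "switched while powered:", rec.SwitchedPowered)
	bad, _ := Simulate(SafeMode, false)
	fmt.Println(bad.Log, "switched while powered:", bad.SwitchedPowered)
}
```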
Fig. 8 and Fig. 9 show the processing flow of telephone management in an embodiment of the device of the present invention, which also reflects one concrete application of the confidential collaboration framework described with Fig. 2 above. Fig. 8 describes the flow running in normal mode. After starting, the call log is displayed as a list. According to the user's operation: scrolling updates the list display; clicking a call record extracts its telephone number; dialling requires a telephone number to be entered; and a directory lookup requires a lookup request to be sent to safe mode, after which the flow waits to receive the telephone number fed back by safe mode. Once the telephone number is determined, according to the selected or default call mode: for an ordinary call, the call is transferred directly; for a confidential call, an encrypted-call (confidential call) request is sent to safe mode, and the flow enters the exchange and transmission procedure, passing the incoming encrypted audio data of the call to safe mode and transmitting the outgoing encrypted audio data received from safe mode to the call partner. Whether an ordinary call transfer or a confidential exchange and transmission, the processing lasts until either party hangs up or the call ends because of a communication failure or interruption. Fig. 9 describes the flow running in safe mode. After starting, it waits, again and again, to receive application requests from normal mode. Whenever a request is received, the touch screen (touch panel and display) is cut over first, so that the user naturally moves to operating and viewing in safe mode. The request is then processed according to its function. For a directory lookup request, the address book is opened first, the user is allowed to search for a number, the address book is closed once a number is selected, and the number is passed to normal mode for the send request and the waiting-for-number processing there. Because the address book is stored in safe mode, and opening, searching and closing are also all performed in safe mode, a potential malicious process in normal mode cannot steal the address book at all. For an encrypted-call request, the MIC and earphone are cut over first, and then the processing of receiving and decrypting the incoming call data and encrypting and sending the outgoing data is carried out, that is, the confidential call. What is received is the encrypted data of the other party's speech, received by normal mode from external communication and passed over the internal exchange, and output to the earphone for playback in safe mode after decryption; what is sent is the data of our own speech picked up through the MIC, passed to normal mode over the internal exchange after encryption, and then transmitted to the other party by normal mode over external communication. Speaking and listening in the call are both carried out in safe mode, and during this time the MIC and earphone have both been switched and connected to safe mode, so a potential malicious process in normal mode cannot eavesdrop at all, and a confidential call is achieved. When the call ends, the MIC and earphone are cut back, so that normal mode can use them for ordinary calls. If the request is for another function, the flow branches to entry A for processing (see Figure 11) and returns to entry B when finished. When the request function has been processed, the touch screen is cut back, so that normal mode can end this call and continue to accept other user operations, while safe mode returns to waiting to accept the next request from normal mode.
Figure 10 and Figure 11 show the processing flow of short message management in an embodiment of the device of the present invention, which also reflects one concrete application of the confidential collaboration framework described with Fig. 2 above. Figure 10 describes the flow running in normal mode. After starting, the short message records are displayed as a list. According to the user's operation: scrolling updates the list display; clicking a short message record first checks the message content: for a plain message (plaintext short message) the content is displayed directly and the flow returns to the list display; for a secret message (encrypted short message), a read-message request is sent to safe mode, the secret message is passed to safe mode for display, and the flow returns to the list display. To write a message, the recipient's telephone number has to be entered; a directory lookup requires a lookup request to be sent to safe mode, after which the flow waits to receive the telephone number fed back by safe mode. Once the telephone number is determined, according to the selected or default sending mode: for an ordinary short message, the message is written directly; for a confidential short message, a write-message request is sent to safe mode and the flow waits to receive the secret message fed back by safe mode. Whether an ordinary or a confidential short message, once the message text (plaintext or ciphertext) is determined, the same short message sending procedure is performed, the message is sent to the recipient over external communication, and the flow ends. Figure 11 describes the flow running in safe mode, which is the branch marked as entry A in Fig. 9 above. The directory lookup request has already been set out in Fig. 9. On entering this flow, the touch screen has already been switched into place, ensuring that operation input and display output are both located in safe mode and are therefore secure and confidential. For a read-message request, the secret message passed over the internal exchange by normal mode is received first, decrypted (including first removing the visible encoding) to restore the original message text, and then the content is displayed; for a write-message request, the message is written first, then encrypted (followed by visible encoding, for example using the Base64 encoding algorithm) to generate the ciphertext text of the message, which is then passed to normal mode over the internal exchange. For other requests, the flow branches to entry C for processing (see Figure 13). When the request has been processed, all paths return to entry B (see Fig. 9), where the touch screen is cut back and the user returns to operating in normal mode.
Figure 12 and Figure 13 show the processing flow of address book management in an embodiment of the device of the present invention, which also reflects one concrete application of the confidential collaboration framework described with Fig. 2 above. Figure 12 describes the flow running in normal mode. Because the address book is actually stored in safe mode, the processing in normal mode is fairly simple: it only needs to send an edit-records request to safe mode and then wait for the editing to be completed. In effect the user is naturally guided to safe mode, to operate on and manage the address book securely there. Figure 13 describes the flow running in safe mode, which is the branch marked as entry C in Figure 11 above. On entering this flow, the touch screen has already been switched into place, ensuring that operation input and display output are both located in safe mode and are therefore secure and confidential. For an edit-records request, the address book is opened first and then edited, which generally includes adding, deleting, querying and modifying records. In addition, there is also the switch key request, which has nothing to do with the address book: it is an interrupt request generated when the user operates the external switch key, and it opens the settings interface for operating and managing the system settings. For other requests, the flow branches to entry D for processing (see Figure 15). When the request has been processed, all paths return to entry B (see Fig. 9), where the touch screen is cut back and the user returns to operating in normal mode.
Figure 14 and Figure 15 show the processing flow of file management in an embodiment of the device of the present invention, which also reflects one concrete application of the confidential collaboration framework described with Fig. 2 above. Figure 14 describes the flow running in normal mode. After starting, the file directory is displayed as a list. According to the user's operation: scrolling updates the list display; clicking (usually double-clicking) a file directory entry first determines the file's attribute (generally by file name suffix or file header format): a plaintext file is opened directly for display and editing, and after closing the flow returns to the list display; for a ciphertext file, a file request is sent to safe mode, the file ciphertext is passed to safe mode for display and editing, the flow waits to receive the new file ciphertext fed back by safe mode, stores it in normal mode if required, and returns to the list display. For a new file, an empty file is created first; according to the selected or default file mode, an ordinary file is simply opened for editing, while a confidential file is handled as after clicking a ciphertext file above. Other operations, such as renaming, moving, copying or deleting files, are handled as usual. Return and end. Figure 15 describes the flow running in safe mode, which is the branch marked as entry D in Figure 13 above. On entering this flow, the touch screen has already been switched into place, ensuring that operation input and display output are both located in safe mode and are therefore secure and confidential. For a file request, the ciphertext passed by normal mode over the internal exchange is received first and decrypted to restore the file text; the file is then opened and edited, and the new file is then encrypted and passed to normal mode over the internal exchange. For other requests, the flow branches to entry E for processing (see Figure 17). When the request has been processed, all paths return to entry B (see Fig. 9), where the touch screen is cut back and the user returns to operating in normal mode.
Figure 16 and Figure 17 show the processing flow of identity authentication in an embodiment of the device of the present invention, which also reflects one concrete application of the confidential collaboration framework described with Fig. 2 above. Figure 16 describes the flow running in normal mode. First, according to the authentication mode: for password mode, a password request is sent to safe mode and the flow waits to receive the fed-back password (ciphertext); for signature mode, the target credential is determined, a signature request is sent to safe mode, and the credential is exchanged, that is, the credential is passed over first and the flow then waits to receive the fed-back credential and signature. The password ciphertext or credential signature received from the exchange can, if required, be transmitted out directly over external communication. Figure 17 describes the flow running in safe mode, which is the branch marked as entry E in Figure 15 above. On entering this flow, the touch screen has already been switched into place, ensuring that operation input and display output are both located in safe mode and are therefore secure and confidential. For a password request, the password is entered first, the time is appended, the password and time are encrypted together into the password ciphertext, and the ciphertext is passed to normal mode over the internal exchange. The purpose of appending the time is to prevent the password ciphertext from being used in a replay attack. The purpose of encrypting the password is to keep it confidential during external transmission; this requires the key used for encryption to be registered with the authenticating party (normally an online server), which, when verifying, must check the consistency of the time as well as compare the password. For a signature request, the credential is received first, the time is appended, and it is then displayed for the user's decision. Having seen the credential, the user can either refuse to sign an untrue credential or choose to sign after fingerprint or face recognition. If fingerprint recognition is selected, the fingerprint device is cut over first, the fingerprint is entered and compared, and the fingerprint device is cut back; if face recognition is selected, the camera is cut over first, a photograph of the face is taken and compared, and the camera is cut back. The purpose of switching the fingerprint device and camera is to ensure that the user's fingerprint and facial features are extracted and verified only within safe mode, and cannot be stolen. Whichever recognition method is used, if it does not match, a limited number of retries is allowed; if it matches, the credential is signed and then passed to normal mode over the internal exchange. The above recognition process can also be optimized so that the fingerprint device or camera does not have to be switched on every retry. Other requests are disregarded, to be extended in the future. When the request has been processed, all paths return to entry B (see Fig. 9), where the touch screen is cut back and the user returns to operating in normal mode.
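As an added example (not the patent's code) serving both the Fig. 2 flow and the password request above: a Go model of the safe-mode request handler that checks the policy, cuts the touch screen, encrypts the password together with the time under a key assumed to be pre-registered with the server (AES-GCM), cuts back, and a server-side check of the time window and the password; the type and method names, the key and the sample password are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// IOSwitch abstracts the switch unit (25); the method names are assumptions.
type IOSwitch interface {
	Cut(unit string)     // route the unit to safe mode
	CutBack(unit string) // route it back to normal mode
}

// SafeMode holds the preset security policy, the key registered with the server,
// a clock, and the touch-screen input function (usable only while the screen is cut).
type SafeMode struct {
	Policy map[string]bool
	Key    []byte
	Sw     IOSwitch
	Input  func(prompt string) string
	Now    func() time.Time
}

// Handle is the right-hand column of Fig. 2 for one request from normal mode: check
// the policy, cut the target IO unit, do the work, cut it back, and return an error
// code (0 = success) plus, for "password", the ciphertext to forward to the server.
func (s *SafeMode) Handle(function string) (code int, payload []byte) {
	if !s.Policy[function] {
		return 403, nil // refused by policy: error code only, no IO switch
	}
	s.Sw.Cut("touchscreen")
	defer s.Sw.CutBack("touchscreen") // cut back on every path, including failures
	if function != "password" { return 404, nil } // other functions are not modelled here
	ct, err := s.sealWithTime(s.Input("password"))
	if err != nil { return 500, nil }
	return 0, ct
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// sealWithTime encrypts unixSeconds||password under the registered key, so the server
// can check the time as well as the password (the page's measure against replay).
func (s *SafeMode) sealWithTime(pw string) ([]byte, error) {
	gcm, err := newGCM(s.Key)
	if err != nil { return nil, err }
	plain := make([]byte, 8+len(pw))
	binary.BigEndian.PutUint64(plain, uint64(s.Now().Unix()))
	copy(plain[8:], pw)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plain, nil), nil // nonce || ciphertext || tag
}

var ErrMalformed = errors.New("malformed password ciphertext")
var ErrStale = errors.New("timestamp outside the accepted window")
var ErrPassword = errors.New("wrong password")

// VerifyPassword is the server side: decrypt with the registered key, check that the
// enclosed time lies within window of the server clock, then compare the password.
func VerifyPassword(key, registered, ct []byte, now time.Time, window time.Duration) error {
	gcm, err := newGCM(key)
	if err != nil { return err }
	n := gcm.NonceSize()
	if len(ct) < n { return ErrMalformed }
	plain, err := gcm.Open(nil, ct[:n], ct[n:], nil)
	if err != nil || len(plain) < 8 { return ErrMalformed }
	ts := time.Unix(int64(binary.BigEndian.Uint64(plain[:8])), 0)
	if d := now.Sub(ts); d < -window || d > window { return ErrStale }
	if subtle.ConstantTimeCompare(plain[8:], registered) != 1 { return ErrPassword }
	return nil
}

// LogSwitch is a constructed IOSwitch that records switch events for inspection.
type LogSwitch struct{ Events []string }

func (l *LogSwitch) Cut(u string)     { l.Events = append(l.Events, "cut:"+u) }
func (l *LogSwitch) CutBack(u string) { l.Events = append(l.Events, "cutback:"+u) }

func main() {
	key := make([]byte, 32) // constructed key shared by safe mode and the server
	rand.Read(key)
	sw := &LogSwitch{}
	sm := &SafeMode{Policy: map[string]bool{"password": true}, Key: key, Sw: sw,
		Input: func(string) string { return "correct horse" }, Now: time.Now}
	code, ct := sm.Handle("password")
	fmt.Println("code:", code, "events:", sw.Events, "server:", VerifyPassword(key, []byte("correct horse"), ct, time.Now(), time.Minute))
}
```

A time window alone still admits a replay inside the window, so a production server would also remember ciphertexts it has already accepted.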
Figure 18 shows the processing flow of the conventional module of a secure online banking application client in an embodiment of the architecture of the present invention, which also reflects one concrete application of the confidential collaboration framework described with Fig. 2 above. After starting, identity authentication is carried out first (for example using the flow of Figure 16 and Figure 17 above); if invalid, the flow ends, and if valid it continues to process the user's various operations. For the payment step, a credential (that is, a digest of the payment transaction information) is generated first, then a signature request is sent to safe mode and the credential is exchanged, that is, the credential is passed over first and the flow then waits to receive the credential and signature fed back by safe mode, after which the credential and signature are transmitted to the online banking server over external communication. Other processing, including displaying transaction results, the account balance, account queries and so on, is still handled by the corresponding existing online banking functions. Exit and end. The supporting security module can use the safe-mode functions already present in the device of the present invention; for its processing flow see the explanation of Figure 17 above.
Figure 19 and Figure 20 show the processing flow of a secure WeChat application in an embodiment of the architecture of the present invention, which also reflects one concrete application of the confidential collaboration framework described with Fig. 2 above. Figure 19 describes the flow run by the conventional module. At the start, identity authentication is carried out first (for example using the flow of Figure 16 and Figure 17 above); if invalid, the flow ends, and if valid the WeChat previews are displayed as a list. According to the user's operation during preview: scrolling updates the list display; clicking a preview record (for a person or a group) displays the associated WeChat records as a list; other operations (such as discover, search, add, contacts and so on) enter the corresponding other processing. According to the operation on the list of WeChat records, scrolling updates the list display, and other operations return to the list display after their own processing. Clicking a WeChat record first checks the content: for a plain message (plaintext WeChat message) the content is displayed directly and the flow returns to the list display; for a secret message (confidential WeChat message), a read-message request is sent to safe mode, the secret message is passed to safe mode for display, and the flow returns to the list display. When writing a message, the writing mode has to be distinguished: an ordinary message is written as a WeChat message usually is; for a confidential message, a write-message request is sent to safe mode and the flow waits to receive the fed-back secret message. Whether an ordinary or a confidential WeChat message, once the message text (plaintext or ciphertext) is determined, the same WeChat sending procedure is performed, the message is sent over external communication, and the flow returns to the list display. Figure 20 describes the flow run by the security module. After starting, it waits, again and again, to receive application requests from normal mode. Whenever a request is received, the touch screen is cut over first, so that the user moves to operating and viewing in safe mode, and the request is then processed according to its function. For a read-message request, the secret message passed over the internal exchange by normal mode is received first, decrypted (including first removing the visible encoding) to restore the original message text, and then the content is displayed; for a write-message request, the WeChat message is written first, then encrypted (followed by visible encoding) to generate the ciphertext text of the message (that is, the secret message), which is then passed to normal mode over the internal exchange. For other requests, the corresponding other processing is performed. When the request function has been processed, the touch screen is cut back so that the conventional module can continue to accept user operations, and the security module turns to waiting to accept the next request from normal mode.
Embodiments
Embodiment one of the invention: an information security computer device. An existing desktop computer is improved: on the hardware side the motherboard design is modified, and on the software side supporting applications need to be developed, so that the device is extended accordingly.
See Fig. 1 and its description. The original hardware design is essentially adopted as the conventional subsystem, i.e. normal mode (1), comprising processor (11) and memory (12); the untrusted operating system (13) is Windows XP, still using disk storage; original software such as the conventional applications (14), for example the Office series, can still be used as usual, but the user must be warned of the security risk; to ensure security, new applications need to be developed in conjunction with the new architecture, whose normal module runs in normal mode (see the embodiments below). Likewise, the original hardware design is essentially adopted as the secure subsystem, i.e. safe mode (2), comprising processor (21) and memory (22); the trusted operating system (23) is the open-source Linux operating system, using flash memory; the key unit (24) implements the symmetric cipher AES and the asymmetric cipher RSA, reserves a key storage region and generates or imports public/private key pairs, where AES is used to encrypt and decrypt data and RSA is used to encrypt and decrypt the AES key and to perform digital signing and verification; the switch unit (25) performs the selection switching of the electronic switches under control of the processor's I/O output lines; the security applications (26) are developed and designed as required and are described later. Normal mode (1) and safe mode (2) are connected internally by a USB 3.0 bus, acting as USB host and USB device respectively, and a communication protocol is designed on this basis for high-speed internal information exchange between the two modes. The two modes share the machine's power supply (VDD/VSS) lines. The electronic switching mechanism (3) consists of five CD4053 and one MAX4611 digitally controlled analog switch chips. In the input/output units (4), touch/keyboard-mouse (41) corresponds to keyboard and mouse, display/projection (42) corresponds to the display interface, and communication (4n) corresponds to the external USB interface, with a MIC interface added; all of these are shared input/output units. The Ethernet interface is not shared and remains exclusive to normal mode (1). The motherboard also provides a button as the switch key for safe mode (2), led out to the front of the case, which forcibly switches keyboard, mouse and display from normal mode (1) to safe mode (2). In the Linux operating system serving as trusted operating system (23), a device file driver is extended to control the switching of the electronic switching mechanism (3) and is wrapped in an application programming interface (API), which also forms part of the switch unit (25). On the safe-mode (2) desktop, a system management program is also written that provides an operation interface listing the names and states of the shared input/output units and lets the user manage their settings.
See Figs. 3, 4, 5, 6 and 7 and their descriptions. The wiring on the motherboard follows the designs shown: electronic switch chips C1, C2, C3, C4, C5 and C6 connect on one side to the MIC socket, keyboard socket, display socket and USB sockets, and on the other side to normal mode and safe mode. One further CD4053 is added which, wired in the same way as chip C1 connects the keyboard socket, connects the mouse socket (also a PS/2 standard interface) on one side and normal mode and safe mode on the other. The switching of the USB sockets is controlled according to the strategy of the flow shown in Fig. 7.
For the security application software, see Figs. 9, 11, 13, 15 and 17 and their descriptions: a security service is implemented that, once installed in safe mode, starts automatically at boot, so that the normal modules of other security applications can request the corresponding security function processing from it. When those designs are applied here, the switching of the touch screen (touch screen and display screen) must be changed to switching of keyboard, mouse and display.
Safe mode adds the following identity authentication mechanism: when the system powers up, at least the display and the USB interface are first switched to safe mode and the user is prompted for fingerprint verification; once the user has connected a fingerprint device through the USB interface and entered a fingerprint, safe mode compares and checks it; if valid, operation continues, otherwise a prompt is shown and operation stops.
Safe mode always performs the input/output unit switching when necessary, whether from normal mode to safe mode or the reverse. So that the user knows clearly which mode the current operation is in, personalized identification can be set on the safe-mode desktop background and/or on the operation interface of the security application, such as distinctive images and text, colors, sounds and the like.
Embodiment two of the invention: an information security mobile phone device. An existing mobile phone is improved: on the hardware side the motherboard design is modified, and on the software side supporting applications need to be developed, so that the device is extended accordingly.
See Fig. 1 and its description. The original hardware design is essentially adopted as the conventional subsystem, i.e. normal mode (1), comprising processor (11) and memory (12); the untrusted operating system (13) is Android, still using flash memory; the conventional applications (14), such as the original tool software, can still be used as usual, but the user must be warned of the security risk. To ensure security, new applications need to be developed in conjunction with the new architecture, whose normal module runs in normal mode (see the embodiments below). Likewise, the original hardware design is essentially adopted as the secure subsystem, i.e. safe mode (2), comprising processor (21) and memory (22); the trusted operating system (23) is an independently developed special-purpose operating system, using flash memory; the key unit (24) implements the symmetric cipher AES and the asymmetric cipher RSA, reserves a key storage region and generates or imports public/private key pairs, where AES is used to encrypt and decrypt data and RSA is used to encrypt and decrypt the AES key and to perform digital signing and verification; the switch unit (25) performs the selection switching of the electronic switches under control of the processor's I/O output lines; the security applications (26) are developed and designed as required and are described later. Normal mode (1) and safe mode (2) are connected internally by a USB 3.0 bus, acting as USB host and USB device respectively, and a communication protocol is designed on this basis for high-speed internal information exchange between the two modes. The two modes share the phone's power supply (VDD/VSS) lines. The electronic switching mechanism (3) consists of a group of CD4053 digitally controlled analog switch chips, the number of chips depending on the total number of signal lines to be switched. In the input/output units (4), touch/keyboard-mouse (41) corresponds to the touch screen, display/projection (42) corresponds to the display screen interface, and communication (4n) corresponds to the wireless communication interface, with MIC, earphone, camera, GPS and fingerprint reader interfaces added; all of these are shared input/output units. The motherboard also provides a slide button as the switch key for safe mode (2), led out to the side of the phone housing, which forcibly switches the touch screen and display screen from normal mode (1) to safe mode (2). In the special-purpose operating system serving as trusted operating system (23), control of the switching of the electronic switching mechanism (3) is implemented and wrapped in an application programming interface (API), which also forms part of the switch unit (25). On the safe-mode (2) desktop, a system management program is also written that provides an operation interface listing the names and states of the shared input/output units and lets the user manage their settings.
As in embodiment one, a group of electronic switch chips connects each shared input/output unit to both normal mode and safe mode so that safe mode can control the switching. Safe mode adds the following identity authentication mechanism: when the system powers up, at least the touch screen and the fingerprint device or camera are first switched to safe mode and the user is prompted to enter a fingerprint or present the face for checking; if valid, operation continues, otherwise a prompt is shown and operation stops. Safe mode always performs the input/output unit switching when necessary, whether from normal mode to safe mode or the reverse. So that the user understands which mode the current operation is in, personalized identification can be set on the safe-mode desktop background and/or on the operation interface of the security application, such as distinctive images and text, colors, sounds and the like.
For the security application software, see Figs. 9, 11, 13, 15 and 17 and their descriptions: a security service is implemented that, once installed in safe mode, starts automatically at boot, so that the normal modules of other security applications can request the corresponding security function processing from it. On the normal-mode desktop, several frequently used function icons are arranged, each matched with a normal module programmed accordingly: Phone, implemented with reference to Fig. 8; Messages, with reference to Fig. 10; Contacts, with reference to Fig. 12; Files, with reference to Fig. 14. Such a mobile phone can then be used to make calls, send and receive SMS messages, manage contacts and handle confidential documents securely and confidentially.
Embodiment three of the invention: a secure file management application for a mobile phone. On the basis of an existing file management application, the normal module of file management is implemented with reference to Figs. 14 and 15 and their descriptions. The security module of file management simply uses the security module in the mobile phone, whose implementation is described in embodiment two above. For confidential files, a specific file header format and verification method, and a special file name suffix, are defined so that file management can recognize and distinguish confidential files from ordinary files.
Embodiment four of the invention: a secure online banking application. On the basis of an existing online banking application, the normal module of the online banking client is implemented with reference to Fig. 18 and its description. Identity authentication at login is implemented with reference to Fig. 16 and its description, using the PIN scheme. The security module of online banking simply uses the security module in the mobile phone, whose implementation is described in embodiment two above, but uses the bank's own key. In the secure online banking of this embodiment, the key steps of authentication and signing are completed in safe mode, and the associated operations are likewise carried out only on the premise that the required input/output units have been switched to safe mode.
Embodiment five of the invention: a secure WeChat application. On the basis of the existing WeChat application, the normal module of the WeChat client is implemented with reference to Fig. 19 and its description and is installed and run in the phone's normal mode. Identity authentication at login is implemented with reference to Fig. 16 and its description, using the signature scheme. The identity authentication flow on the WeChat server side also needs corresponding modification, adopting an asymmetric challenge-response strategy that dynamically generates a random number for each login request. The client's normal module uses the current random number as the credential and has it signed, through the phone's internal exchange, by the phone's own security module; the server then verifies the signature using the digital certificate the user registered earlier. The security module in the phone is implemented as described in embodiment two above. The security module of the WeChat client is implemented with reference to Fig. 20 and its description and is installed and run in the phone's safe mode. The normal module and the security module working together realize secret WeChat messages, compatible with and coexisting with existing ordinary messages. To protect the confidentiality of the WeChat contact details, the implementation can be improved by copying Figs. 12 and 13; the basic measures are, first, storing the WeChat contacts in safe mode and, second, switching the touch screen before and after opening the contacts. A further improvement is for the security module to switch the MIC and earphone and, in cooperation with the normal module, realize secure voice calls, and even to switch the camera to realize secure video calls.
The several embodiments described above should not be understood as exhausting the full possible scope of the present invention, nor should they be taken to limit the rights of the present invention.

Claims (10)

1. An information security electronic device, typically a computer, communication terminal or intelligent wearable device, whose hardware comprises a processor/controller, memory and input/output units, and whose architecture comprises a normal mode and a safe mode running in parallel, wherein the normal mode performs the predetermined purpose function processing in an open system environment, the safe mode performs security and confidentiality function processing in a closed system environment and optionally also performs part of the function processing similar to the normal mode, the two modes each have an independent processor/controller running in its own independent memory address space and also exchange information with each other internally, the two modes share part or all of the input/output units, and in particular the device also comprises an electronic switching mechanism controlled by the safe mode which, by switching the key signal line group of the selected target input/output unit synchronously at the circuit level, controls the switching of the target input/output unit so that it is exclusively connected to either the normal mode or the safe mode; characterized in that the normal mode and the safe mode are linked and cooperate, a confidential collaboration framework is built in, and the transparent switching of the target input/output unit comprises the following steps:
(1) the normal mode sends a function request to the safe mode;
(2) the safe mode receives the function request from the normal mode; optionally, the safe mode checks a preset security policy to decide whether to accept it;
(3) the safe mode controls the electronic switching mechanism to switch the target input/output unit so that it is connected to the safe mode;
(4) the safe mode processes the function request, including the confidential operation content; during this, the safe mode and the normal mode optionally exchange data ciphertext;
(5) the safe mode controls the electronic switching mechanism to switch the target input/output unit so that it is connected to the normal mode;
(6) the safe mode transmits the processing result to the normal mode, then waits for the next function request;
(7) the normal mode receives the processing result from the safe mode, then performs the subsequent processing.
2. The device according to claim 1, characterized in that the safe mode provides an application programming interface for controlling the switching, which is called to realize the transparent switching.
3. The device according to claim 1, characterized in that the security policy comprises time and/or geographic location limiting factors.
4. The device according to claim 1, characterized in that the security policy comprises communication party identity information limiting factors.
5. An information security application architecture, being a framework for creating and/or deploying security applications on an information security electronic device, the framework comprising a normal module and a security module, installed and run in the normal mode and the safe mode respectively, to realize the predetermined processing functions of the security application, wherein the normal module performs the basic purpose functions and the security module performs the security and confidentiality functions, and in particular the security module operates the electronic switching mechanism which, by switching the key signal line group of the selected target input/output unit synchronously at the circuit level, controls the switching of the target input/output unit so that it is exclusively connected to either the normal mode or the safe mode; characterized in that the normal module and the security module in the framework are linked and cooperate, a confidential collaboration framework is built in, and the target input/output unit is switched transparently.
6. The architecture according to claim 5, characterized in that the transparent switching comprises the touch screen, or projection screen control, or display with keyboard and mouse, as the basic option of switched target input/output units, intended to protect the confidentiality of file data / communication information in safe mode, or to ensure the security of transaction payment / transaction processing.
7. The architecture according to claim 5, characterized in that the transparent switching comprises the fingerprint reader and the camera, as a combined option of switched target input/output units, intended to protect the privacy of the biometric features used for identity verification in safe mode.
8. The architecture according to claim 5, characterized in that the transparent switching comprises the microphone, speaker and camera, as a combined option of switched target input/output units, intended to realize confidential voice and video calls in safe mode.
9. The architecture according to claim 5, characterized in that the transparent switching comprises the microphone, camera and locator, as a combined option of switched target input/output units, intended to avoid the risks of eavesdropping, covert photography and tracking in safe mode.
10. The architecture according to claim 5, characterized in that the transparent switching comprises the communication components, as a reserved option of switched target input/output units, intended to isolate the normal mode from external communication, or even to carry out confidential communication directly in safe mode.
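The seven-step collaboration of claim 1 and the asymmetric challenge-response login of embodiment five, as an added example in Go that is not part of the patent or of any implementation by the applicant. The electronic switching mechanism is modelled as a map from I/O unit name to owning mode, the registered digital certificate is reduced to a bare RSA public key generated on the device, and the unit names, the "messaging-server" party name and the policy are constructed assumptions.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Mode says which subsystem a shared I/O unit is currently connected to.
type Mode int

const (Normal Mode = iota; Safe)

// Switch models the electronic switching mechanism (3): each shared I/O unit is
// exclusively connected to one mode and only the safe mode drives the switch.
// A unit absent from the map is in its boot state, connected to the normal mode.
type Switch map[string]Mode

// Request is what the normal module sends over the internal link (step 1); the
// payload is the credential to sign, e.g. a transaction digest or a login nonce.
type Request struct{ Function, Party string; Payload []byte }

// Policy is the optional preset security strategy checked in step (2).
type Policy func(Request) bool

// SafeMode owns the key unit (24) and the switch; the private key never leaves it.
type SafeMode struct{ key *rsa.PrivateKey; sw Switch; policy Policy }

func NewSafeMode(sw Switch, p Policy) (*SafeMode, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048) // constructed: generated on device
	if err != nil {
		return nil, err
	}
	return &SafeMode{key: k, sw: sw, policy: p}, nil
}

// PublicKey is what the user registers with the server beforehand.
func (s *SafeMode) PublicKey() *rsa.PublicKey { return &s.key.PublicKey }

// Handle runs steps (2) to (6) of claim 1 for one request. The deferred restore
// is the point: the target unit goes back to the normal mode on every path, so a
// failed or unknown request cannot leave the display captured by the safe mode.
func (s *SafeMode) Handle(req Request, unit string) ([]byte, error) {
	if s.policy != nil && !s.policy(req) {
		return nil, errors.New("refused by preset security policy") // unit untouched
	}
	s.sw[unit] = Safe                      // step 3: unit exclusive to safe mode
	defer func() { s.sw[unit] = Normal }() // step 5: always hand it back
	if req.Function != "sign" {
		return nil, errors.New("unknown function: " + req.Function)
	}
	d := sha256.Sum256(req.Payload) // the user would confirm on the switched display here
	return rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, d[:])
}

// Server is the service side of the asymmetric challenge-response login: a fresh
// random nonce per login, verified against the key the user registered earlier.
type Server struct{ registered *rsa.PublicKey; nonce []byte }

func (sv *Server) Challenge() ([]byte, error) {
	sv.nonce = make([]byte, 32)
	_, err := rand.Read(sv.nonce)
	return sv.nonce, err
}

func (sv *Server) Verify(nonce, sig []byte) bool {
	if !bytes.Equal(nonce, sv.nonce) { // a stale or replayed challenge is rejected
		return false
	}
	d := sha256.Sum256(nonce)
	return rsa.VerifyPKCS1v15(sv.registered, crypto.SHA256, d[:], sig) == nil
}

// Login is the normal module's side (steps 1 and 7): it relays the nonce in and
// the signature out and never sees the private key.
func Login(sv *Server, sm *SafeMode) (bool, error) {
	nonce, err := sv.Challenge()
	if err != nil {
		return false, err
	}
	sig, err := sm.Handle(Request{"sign", "messaging-server", nonce}, "touchscreen")
	if err != nil {
		return false, err
	}
	return sv.Verify(nonce, sig), nil
}
```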

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510413949.9A CN105243341A (en) 2015-06-05 2015-07-05 Information security electronic equipment and application architecture

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201510313540X 2015-06-05
CN201510313540 2015-06-05
CN201510413949.9A CN105243341A (en) 2015-06-05 2015-07-05 Information security electronic equipment and application architecture

Publications (1)

Publication Number Publication Date
CN105243341A true CN105243341A (en) 2016-01-13



Legal Events

Date Code Title Description
DD01 Delivery of document by public notice

Addressee: Yang Zhuping

Document name: Notification of Acceptance of Patent Application

C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160113