CN110084074A - A kind of protective device and data equipment - Google Patents
A kind of protective device and data equipment Download PDFInfo
- Publication number
- CN110084074A CN110084074A CN201910355796.5A CN201910355796A CN110084074A CN 110084074 A CN110084074 A CN 110084074A CN 201910355796 A CN201910355796 A CN 201910355796A CN 110084074 A CN110084074 A CN 110084074A
- Authority
- CN
- China
- Prior art keywords
- protective cover
- data equipment
- attack
- detecting unit
- attack detecting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
Abstract
The present invention provides a kind of data equipment and protective device.The protective device, the first protective cover including being open with first, the first attack detecting unit, the second protective cover, the second attack detecting unit and adapter for detecting whether second protective cover is attacked with the second opening in first protective cover for detecting whether first protective cover is attacked;Second protective cover is for accommodating the data equipment;The adapter is located at the first opening and the second opening, connect with the interface of the data equipment;The detection sensitivity of the second attack detecting unit is greater than the first attack detecting unit.Protective device provided by the invention is arranged the first protective cover in the outside of second protective cover and is protected, and carries out duplicate protection, improves safety on the whole.
Description
Technical field
The present invention relates to field of information security technology more particularly to a kind of protective device and data equipments.
Background technique
With the rapid development of computer technology, computer is increasingly becoming public institution, industrial and commercial enterprises, military-political departments etc.
Groundwork mode.The universal and application of computer greatly drives information industry fast-developing, the fast development of information industry
A problem is brought, is exactly that information-leakage event is continuously increased, leakage of information is a serious problem, and especially puzzlement is in letter
Cease the mechanisms such as finance, security, government, the enterprise of security kernel region.With the continuous development of technology, object has been had already appeared now
Reason attack obtains the technology and side channel data acquiring technology of data, both technologies can transported according to computer or chip
Perhaps other electrical characteristics detect the calculating or data inside computer or chip to the electromagnetic wave generated in row, this is right
Computer or chip data security produce great threat, because both technologies can obtain encryption code key, once
Code key is acquired, and ciphertext reforms into plain text, loses the effect of secrecy.Generally, physical attacks can be divided into half intrusive attack
It is attacked with intrusive mood.Half intrusive attack refers to the function that hardware is obtained in hardware (such as computer or chip) use process
The bypass messages such as consumption, electromagnetic radiation steal hardware information by certain data analysing method.Half intrusive attack mainly for
Disclosed cryptographic algorithm is attacked, and for some undocumented cryptographic algorithms, or for storage program, operational data,
The key messages such as bus data obtain, and intrusive attack is taken often to become primary selection.Intrusive attack pattern by uncap,
The means such as drilling, corrosion realize destruction to hardware package shield (for example, computer or chip carrier), using take pictures, focus from
The technologies such as beamlet (Focused Ion Beam, FIB) and microprobe obtain hardware domain structure, modify internal cabling, and reading is deposited
Store up data.As it can be seen that attacker can obtain easily in computer or chip after computer or chip are by intrusive mood attack
Information.Therefore, intrusive attack is most effective, most thorough means in existing physical attacks, to the information of computer or chip
Safety guarantee proposes completely new challenge.
Summary of the invention
To solve the lower technical problem of safety in the prior art, the embodiment of the invention provides a kind of data equipments
Protective device and data equipment.
The embodiment of the present invention provides a kind of protective device of data equipment, wherein protects including first with the first opening
Shield, for detecting the first attack detecting unit that whether first protective cover attacked, being located in first protective cover
The second protective cover with the second opening, for detect the second attack detecting unit that whether second protective cover is attacked and
Adapter;Second protective cover is for accommodating the data equipment;The adapter is located at the first opening and the second opening,
It is connect with the interface of the data equipment;The detection sensitivity of the second attack detecting unit is greater than the first attack detecting list
Member.
Further preferably, first protective cover and/or second protective cover include electromagnetic absorption layer.
Further preferably, further include secure processing module and connect with the secure processing module for protecting the number
According to the protection location of equipment, the secure processing module respectively with the first attack detecting unit and the second attack detecting unit
Connection, the secure processing module are generated according to the signal that the first attack detecting unit and the second attack detecting unit provide
Control signal is transferred to the protection location.
Further preferably, the protection location is located on the adapter, for disconnecting the number when detecting attack
According to the connection of equipment.
Further preferably, the protection location is controllable switch or fuse.
Further preferably, the protection location is that the conducting liquid in second protective cover discharges structure, described
When second attack detecting unit detects that attack or second protective cover are destroyed, the conducting liquid discharges structure release
Conducting liquid.
Further preferably, the secure processing module is more than or equal to or is less than or equal to first threshold according to security parameter,
Lock the data equipment;And/or the secure processing module is more than or equal to or is less than or equal to the second threshold according to attack parameter
Value, locks the data equipment.
Further preferably, the first attack detecting unit and/or the second attack detecting unit are conductive gauze or light
Electric transducer or pressure sensor or temperature sensor or baroceptor or strain gauge or vibrating sensing
Device.
It further preferably, further include randomizer, the randomizer is connect with the conductive gauze, is used for
Generate interference electromagnetic wave.
The embodiment of the present invention also provides a kind of data equipment, wherein the protective device including above-mentioned data equipment.
The protective device of the data equipment of the embodiment of the present invention second protective cover outside be arranged the first protective cover into
Row protection, in the unbroken situation of the first protective cover, the higher second attack detecting unit of detection sensitivity will not trigger alarm
Signal reduces maloperation, meanwhile, the higher second attack detecting unit of detection sensitivity ensure that high intrusion detection success rate,
Safety is improved on the whole.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, for those of ordinary skill in the art
Speech, without any creative labor, is also possible to obtain other drawings based on these drawings.
Fig. 1 is the data equipment protective device stereoscopic schematic diagram of the embodiment of the present invention.
Fig. 2 is the adaptor structure schematic diagram of the data equipment protective device of the embodiment of the present invention.
Fig. 3 is the data equipment protective device structural schematic diagram of the embodiment of the present invention.
Fig. 4 is the data equipment structural schematic diagram of the embodiment of the present invention.
Fig. 5 is the data equipment fractionation structural representation of the embodiment of the present invention.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present application, technical solutions in the embodiments of the present application carries out clear, complete
Site preparation description.It is understood that specific embodiment described herein is only used for explaining the application, rather than to the limit of the application
It is fixed.Based on the embodiment in the application, obtained by those of ordinary skill in the art without making creative efforts
Every other embodiment, shall fall in the protection scope of this application.
Term " first ", " second ", " third " in the application are used for description purposes only, and should not be understood as instruction or dark
Show relative importance or implicitly indicates the quantity of indicated technical characteristic.It follows that define " first ", " second ",
The feature of " third " can explicitly or implicitly include at least one of the features.For example, in the model for not departing from the application
In the case where enclosing, first kind plane can be known as to the second class plane, and similarly, the second class plane can be known as the first kind and put down
Face.First kind plane and the second class plane both plane, but it is not same class plane.It is " more in the description of the present application
It is a " it is meant that at least two, such as two, three etc., unless otherwise specifically defined.In addition, term " includes " and
" having " and their any deformations, it is intended that cover and non-exclusive include.Such as contain a series of steps or units
Process, method, system, product or equipment are not limited to listed step or unit, but optionally further comprising do not arrange
Out the step of or unit, or optionally further comprising for the intrinsic other steps of these process, methods, product or equipment or list
Member.
Referenced herein " embodiment " is it is meant that a particular feature, structure, or characteristic described can wrap in conjunction with the embodiments
It is contained at least one embodiment of the application.Each position in the description occur the phrase might not each mean it is identical
Embodiment, nor the independent or alternative embodiment with other embodiments mutual exclusion.Those skilled in the art explicitly and
Implicitly understand, embodiment described herein can be combined with other embodiments.
Core of the invention thought is using multiple protective, compromise between security and sensitivity, in the case where guaranteeing safety
Reduce maloperation, so as to reduce unnecessary loss while obtaining higher-security, be conducive to the popularization of technology with
Implement.
Fig. 1 is the data equipment protective device stereoscopic schematic diagram of the embodiment of the present invention.Fig. 2 is the data of the embodiment of the present invention
The adaptor structure schematic diagram of equipment protecting equipment.Fig. 3 is the data equipment protective device structural schematic diagram of the embodiment of the present invention.
Fig. 1 to Fig. 3 is please referred to, the protective device 1 of the data equipment of the embodiment of the present invention includes the first protection with the first opening 171
Cover 17, for detecting the first attack detecting unit 151 that whether first protective cover 17 attacked, being located at first protective cover 17
The second attack inspection that inside there is the second protective cover 19 of the second opening 191, whether attacked for detecting second protective cover 19
Survey unit 153 and adapter 13;It is preferred that the first attack detecting unit 151 is located at first protective cover 17 and second protection
Between cover 19 or on the outside of second protective cover 19 or on the inside of first protective cover 17, the second attack detecting list
Member 153 is located in second protective cover 19;Second protective cover 19 is for accommodating the data equipment (not shown), the number
According to equipment the equipment such as module can be sent or received for processor, display module, data;The adapter 13 is located at the first opening
171 and second opening 191 at, connect with the interface of the data equipment, for the data equipment of transferring to outside, realize data
Using;First opening 171 and the second opening 191 cooperate with the adapter 13 sealing, and guaranteeing will not be by attacker between three
It utilizes, implements attack;The detection sensitivity of the second attack detecting unit 153 is greater than the first attack detecting unit 151.This first
The attack detecting ability of detection unit 151 is more than or equal to zero.The protective device of the data equipment wraps up the data equipment layer by layer,
There are two protective covers to protect for tool, forms duplicate protection.The higher second attack detecting unit 153 of detection sensitivity, which is located at first, to be protected
Under shield 17, the variation of external environment does not affect the second attack detecting unit 153 substantially, therefore, base under normal circumstances
Originally there is no a possibility that maloperation.When under attack, even if the first protective cover 17 is broken, attacker still cannot obtain institute
Key message is needed, key message could be obtained by still needing to break through the second protective cover 19;But the second attack detecting unit 153 detects
Sensitivity is greater than the first attack detecting unit 151, and therefore, attacker will trigger the second attack inspection when implementing physics attack
It surveys unit 153 and alarm signal occurs, so that data equipment be made to be protected.Certainly, under normal circumstances, attacker is in attack first
When protective cover 17, the first attack detecting unit 151 will issue alarm signal.Therefore, the present invention is higher using detection sensitivity
Second attack detecting unit 153 and the second protective cover 19 are used as last line of defense, improve intrusion detection (or physical attacks detection or
Person's destructive test) success rate;The first protective cover 17 is arranged in the outside of second protective cover 19 to be protected, in the first protective cover
The second attack detecting unit 153 will not trigger alarm signal in 17 unbroken situations, reduce maloperation while ensure that height
Intrusion detection success rate improves the safety of safety device of the present invention on the whole.
In certain embodiments, which can be layer structure or membrane structure, at this point, second protection
Cover can stick on the inner surface of first protective cover or second protective cover can be close to the interior table of first protective cover
Face.
The material of first protective cover 17 is rigid plastics or metal, and the material of second protective cover 19 is frangible material
Material.In certain embodiments, which includes ontology and the frangible layer on the ontology, the ontology by plastics or
Person's metal is made.The frangible layer is preferably the coat of metal, and certainly, which can also be with other coating or film layer.This implementation
Example frangible layer or friable material refer to that the intensity of this layer or material is less than 1KPa.First protective cover 17 and the second protective cover 19
In at least one protective cover be it is opaque, attacker cannot by naked eyes or other equipment know internal junction easily
Structure.
The protective device of the data equipment of the present embodiment further includes secure processing module 155, the secure processing module 155
In in first protective cover 17.The secure processing module 155 can be located at first protective cover 17 and second protective cover 19 it
Between, it can also be located in second protective cover 19.The preferred the latter of the present embodiment guarantees that the secure processing module 155 will not be attacked
The person of hitting destroys easily.
The protective device of the data equipment of the present embodiment further includes being connect with the secure processing module 155 for protecting institute
State the protection location 131 of data equipment.The secure processing module 155 is attacked with the first attack detecting unit 151 and second respectively
The connection of detection unit 153 is hit, the secure processing module 155 is according to the first attack detecting unit 151 and the second attack detecting list
The signal that member 153 provides generates control signal and is transferred to the protection location 131.It is preferred that the protection location 131 is located at the adapter
On 13, for when detecting attack, (the first attack detecting unit 151 and/or the second attack detecting unit 153 to be detected and attacked
When hitting) disconnect the connection of the data equipment;Certainly, in other embodiments, the protection location 131 can be with destroy or
The protective device for damaging property, can be destroyed or be damaged to core devices (such as encryption chip, CPU etc.), allow attack
Person cannot get valuable information.The protection location 131 is controllable switch or fuse.The protection location 131 is according to the peace
Full processing module 155 provides instruction or control signal and generates corresponding movement, such as disconnects the electricity on the adapter 13, makes
The data equipment does not work.The controllable switch can be triode or metal-oxide-semiconductor or IGBT or relay etc..The fusing
Device can be a fuse or other fusible substances;When attack is detected, which gives the protection
Unit 131(, that is, fuse) output larger current, which fuses, so that the data equipment does not work.
In order to further improve the security can, the protective device of the present embodiment preferably data equipment setting security parameter and
Attack parameter.It sets when the security parameter dispatches from the factory or is set through authoritative institution, for protecting the protective device of the data equipment
Safety in transportational process.The secure processing module 155 is more than or equal to or is less than or equal to first threshold, lock according to security parameter
The protective device of the dead data equipment, the data equipment in the protective device of the data equipment cannot work, and guarantee transportational process
In safety.By the secure processing module 155, according to the protective device of the data equipment, under fire situation obtains the attack parameter,
If attack parameter is more than or equal to or is less than or equal to second threshold, which locks the protection of the data equipment
Device, after the protective device for locking data equipment, data equipment in the protective device of the data equipment cannot work, and guarantee
The protective device of the data equipment is not by undying attack.It needs to unlock after the protective device of the data equipment is locked, solve
By authoritative institution, perhaps company carries out authoritative institution to lock or the security parameter and/or attack parameter are reset to and met by company
It is required that numerical value, complete unlock.
As a kind of implementation of the present embodiment, the first attack detecting unit 151 and/or the second attack detecting unit
153 be respectively first sensor and second sensor, the first sensor and second sensor respectively with the secure processing module
155 connections.The first sensor can pass for photoelectric sensor, pressure sensor, temperature sensor, baroceptor, vibration
Sensor or strain gauge.The second sensor can also be with photoelectric sensor, pressure sensor, temperature sensor, air pressure transmission
Sensor, vibrating sensor or strain gauge.For example, the first sensor is photoelectric sensor, it is located at first protection
Between cover 17 and the second protective cover 19 or on the outside of second protective cover 19 or on the inside of first protective cover 17, when
First protective cover 17 has light when being physically attacked and destroying and enters between first protective cover 17 and the second protective cover 19,
So the photoelectric sensor can generate signal, which is referred to as alarm signal, which is transferred to the safe handling
Module 155, which controls the protection location 131 movement and is protected, such as powers off.Second protective cover
19 can be made of fragile paper, which is baroceptor, when second protective cover 19 is destroyed, second sensing
The variation that device perceives air pressure generates alarm signal, which is transferred to the secure processing module 155, the safe handling
Module 155 controls the protection location 131 movement and is protected, such as powers off.The remolding sensitivity photoelectric sensing of the baroceptor
Device is high, therefore, the detection sensitivity of the second attack detecting unit 153 is higher than the first attack detecting unit 151;Or second protection
There are certain air pressures in cover 19, which is lower than an atmospheric pressure, when second protective cover 19 is destroyed, second protection
Air pressure in cover 19 can appreciate an atmospheric pressure, and baroceptor is very easy to this variation of detection, therefore, there is no need to precision very
High baroceptor can realize highly sensitive detection, cost can also be made to reduce.In certain embodiments, second guarantor
Shield 19 includes the ontology made of plastics or metal and the frangible layer on the ontology, which is the coat of metal,
The second sensor is strain gauge.When the strain gauge perceives the coat of metal stress mutation, alarm signal is generated
Number and be sent to the secure processing module 155,155 control and protection unit 131 of secure processing module movement is protected, such as
Power-off.
In certain embodiments, which can be layer structure or membrane structure, at this point, second protection
Cover can stick on the inner surface of first protective cover or second protective cover can be close to the interior table of first protective cover
Face.
As a kind of implementation of the present embodiment, the first attack detecting unit and/or the second attack detecting unit are
Conductive gauze.It is preferred that the first attack detecting unit is the first conductive gauze, which is the second conductor wire
Net.The first conductive gauze is located on first protective cover 17, which is located on second protective cover 19.This
The reticular density of two conductive gauzes is greater than the first conductive gauze.The first conductive gauze and the second conductive gauze respectively with power supply and
Between the secure processing module 155, when the conductor wire in the first conductive gauze and the second conductive gauze is broken, the peace
Full processing module 155 just can not receive electric current or voltage or receive other signals, the secure processing module 155 it is known that
There are attacks.If having electric current or voltage, show not attack, conversely, indicating attack.The secure processing module 155 can also
To use other judgment methods, judge whether to be attacked by the first conductive gauze and the second conductive gauze.In order to increase
The arrangement of the difficulty of physical attacks, the preferably conductive gauze (the first conductive gauze and/or the second conductive gauze) of the present embodiment is not
Rule, it allows attacker to find attacked site there are larger difficulty, improves safety.It is thorough for further difficult attacker
Bottom can not find the regularity of conductive gauze arrangement, the present embodiment preferably this be irregularly randomly generated, i.e., conductive gauze arrangement
It is random, as long as detection sensitivity can be produced and be met.Further preferably, the protection dress of the data equipment of the present embodiment
Setting further includes randomizer, the randomizer connect with the first conductive gauze and/or the second conductive gauze (i.e. with
Conductive gauze connection), for generating interference electromagnetic wave.The electric signal that the electric signal and power supply that the randomizer generates generate
Together by conductive gauze, the interference electromagnetic wave that conductive gauze generates just has randomness, the frequency and amplitude of the interference electromagnetic wave
It is preferred that increasing the difficulty cracked in same range with the electromagnetic wave of the generation of the secure processing module 155 and data equipment.For
Difficulty is further increased, the conductor wire of preferably conductive gauze is irregular conductor wire, which includes sectional area
Length direction be the conductor wire of variation or surface there is raised or sunken conductor wire or at least there are two bending or
Bending be different conductor wire or at least there are two bending or bending be not in the conductor wire of a plane;The variation is
Random;Alternatively, the raised or sunken shape or arrangement are random;Alternatively, the shape of the bending or bending or
Arrangement is random.The interference electromagnetic wave that conduction gauze of the embodiment of the present invention generates is by randomizer, random arrangement
And triple random effects such as irregular conductor wire (this is irregularly random), so that attacker attacks or cracks
It has no way of doing it, significantly increases information security.
The adapter 13 includes first end 133 and second end 135, which connect with the interface of data equipment, should
First end 133 allows use or power supply etc. of the external equipment to data equipment for external connection.
Protective device 1 in order to facilitate the data equipment of the embodiment of the present invention uses, and the protective device 1 of the data equipment is wrapped
Openable upper cover 11 and lower cover 15 are included, which is located on lower lid.Using the data equipment protective device 1 when,
Open upper and lower covers, by data equipment be placed in lower cover 15 and by the second end of the adapter 13 135 be inserted into the data equipment
Interface, then cover upper cover 11, upper and lower covers lid closed.Upper and lower covers Gai Hehou, the protective device 1 of the data equipment again cannot be by
It opens, is removed except nonviolent, ensure that the safety of data equipment.
Fig. 4 is the structural schematic diagram of the data equipment of the embodiment of the present invention.Fig. 5 is the data equipment of the embodiment of the present invention
Fractionation structural representation.Referring to figure 4. and Fig. 5, the data equipment 2 of the embodiment of the present invention, including circuit board 273, connect for outside
Interface (276,278), controller 277 and the FPGA(field programmable gate array connect) 275, the interface (276,278), controller
277 and FPGA275 is connect with the circuit board 273 respectively, the present embodiment preferably controller 277 by flexible circuit board 279 with
Circuit board 273 connects.In the present embodiment, which includes first interface 276 and second interface 278, certainly,
In other embodiments, the first interface 276 and second interface 278 be can integrate as an interface.The data equipment 2 further includes tool
There is the first protective cover 21 of the first opening (not shown), attacked for detecting whether first protective cover 21 is attacked first
It hits detection unit 231, the second protective cover 25 with the second opening (not shown) in first protective cover 21 and uses
In detecting the second attack detecting unit 233 for whether being attacked of second protective cover 25.The first attack detecting unit 231 can be with
It on first protective cover 21, can also be located on the outer surface of second protective cover 25, may be located on first protection
Between cover 21 and second protective cover 25.The second attack detecting unit 233 can be located on second protective cover 25, can also be with
In second protective cover 25.The attack detecting ability of the first detection unit 151 is more than or equal to zero.Second protective cover 25
For accommodating the circuit board 273, controller 277 and FPGA275.The interface (276,278) is located at the first opening and the second opening
Place is connected for external equipment, and first opening and the second opening cooperate with the interface (276,278) sealing, is guaranteed between three
It will not be utilized by attacker, implement attack.The outermost of the interface (276,278) is flushed with first protective cover 21, thus
It can prevent the interface (276,278) from being attacked or being detected, ensure that connection safety.Further, preferably the interface (276,
278) outermost is located at the first opening the inside, and such external connection line is all placed in the protection scope of the first protective cover 21
It is interior, further increase the safety of connection.The detection sensitivity of the second attack detecting unit 233 is greater than the first attack detecting
Unit 231.Detection sensitivity described in the present embodiment refers to the first attack detecting unit 231 or the second attack detecting unit
233 perception are broken into and (are either attacked or be destroyed) power of ability.The data equipment 2 of the present embodiment has the first protection
Cover 21 and the second protective cover 25, when the data equipment 2 is physically attacked, which detects attack,
Alarm signal is generated, the attack of attacker can be prevented.Due to the first attack detecting unit 231 detection sensitivity angle compared with
It is low, when clever attacker is not detected by the first attack detecting unit 231 when destroying the first protective cover 21, due to the second guarantor
The presence of shield 25 needed for attacker cannot still obtain, needs to continue to implement attack.Attacker protects in attack second
When covering 25, which detects attack, generates alarm signal, can prevent the attack of attacker.Due to
The detection sensitivity of second attack detecting unit 233 is higher, substantially increases attack detecting success rate, ensure that implementation of the present invention
The safety of the data equipment 2 of example.Multiple protective protective cover, detection sensitivity high level matches with low level, guarantor while reducing maloperation
High attack detecting success rate has been demonstrate,proved, has improved the safety of the data equipment of the embodiment of the present invention on the whole.In order to facilitate assembling
And production, the protective cover of the embodiment of the present invention include that upper casing 3 and lower casing 4 are constituted, circuit board 273 waits components to place in lower casing 4,
Upper casing is covered again to fix, and completes assembling.The upper protective cover 31 of the upper casing 3 including the first protective cover 21 and the second protective cover 25 it is upper
Protective cover 33, the lower casing include the lower protective cover 41 of the first protective cover 21 and the lower protective cover 43 of the second protective cover 25.Further
It is preferred that the material of first protective cover 21 is rigid plastics or metal, the material of second protective cover 25 is friable material;Or
Person, second protective cover 25 include the ontology made of plastics or metal and the frangible layer on the ontology.The present embodiment
Frangible layer or friable material refer to that the intensity of this layer or material is less than 1KPa.In first protective cover 21 and the second protective cover 25
At least one protective cover be it is opaque, attacker cannot by naked eyes or other equipment know internal structure easily.
In order to improve safety, distance of the present embodiment preferably between first protective cover 21 and the second protective cover 25 is less than 5mm, attacks in this way
The person of hitting can inevitably destroy the second protective cover when breaking through the first protective cover, play safer protection.In order to protect
Circuit board 273, the present embodiment preferably circuit board 723 are fixed in the lower protective cover 43 by elastic supporting member for supporting optical member 271.
Further preferably, which further includes the protection location (not shown) connecting with the controller 277,
The controller 277 is connect with the first attack detecting unit 231 and the second attack detecting unit 233 respectively, the controller 277
The signal provided according to the first attack detecting unit 231 and the second attack detecting unit 233 generates control signal and is transferred to this
Protection location.It is preferred that the protection location is located on the interface (276,278), for (the first attack detecting when detecting attack
When unit 231 or the second attack detecting unit 233 detect attack) disconnect the connection of the data equipment 2.The protection location is
Controllable switch or fuse.The controllable switch can be triode or metal-oxide-semiconductor or IGBT or relay etc..The fusing
Device is a fuse or other fusible substances, and when attack is detected, the controller 277 control is exported to the fuse
Larger current, the fuse fuse, so that part of devices or whole devices do not work on the circuit board 273.
In order to further improve the security can, the present embodiment preferably data equipment 2 setting security parameter and attack parameter.
It sets when the security parameter dispatches from the factory or is set through authoritative institution, for protecting the safety in 2 transportational process of data equipment.It should
Controller 277 is more than or equal to or is less than or equal to first threshold according to security parameter, locks the data equipment, the data equipment 2
It cannot work, guarantee the safety in transportational process.The attack parameter is by the controller 277 according to the data equipment 2 under fire feelings
Shape obtains, if attack parameter is more than or equal to or is less than or equal to second threshold, which locks the data equipment 2, locks
After data equipment 2, which cannot work, and ensure that the data equipment 2 not by undying attack.The data equipment 2
It needs to unlock after locked, by authoritative institution, perhaps company carries out authoritative institution or company by the security parameter and/or attacks for unlock
It hits parameter and resets to satisfactory numerical value, complete unlock.
As a kind of implementation of the present embodiment, the first attack detecting unit 231 and/or the second attack detecting unit
233 be respectively first sensor and second sensor, and the first sensor and second sensor connect with the controller 277 respectively
It connects.The first sensor can for photoelectric sensor, pressure sensor, temperature sensor, baroceptor, vibrating sensor or
Person's strain gauge.The second sensor can also be with photoelectric sensor, pressure sensor, temperature sensor, baroceptor, vibration
Dynamic sensor or strain gauge.For example, the first sensor is photoelectric sensor, it is located at first protective cover 21 and the
Between two protective covers 25 or on the outside of second protective cover 25 or on the inside of first protective cover 21, as first guarantor
Shield 21 has light and enters between first protective cover 21 and the second protective cover 25 when being physically attacked and destroying, then the light
Electric transducer can generate signal, which is referred to as alarm signal, which is transferred to the controller 277, the control
Device 277 controls protection location movement and is protected, such as power-off or breaking-up significant data or device.Second protective cover
25 can be made of fragile paper, which is baroceptor, when second protective cover 25 is destroyed, second sensing
The variation that device perceives air pressure generates alarm signal, which is transferred to the controller 277, the controller 277 control
Protection location movement is protected, such as power-off or breaking-up significant data or device.The remolding sensitivity of the baroceptor
Photoelectric sensor is high, therefore, the detection sensitivity of the second attack detecting unit 233 is higher than the first attack detecting unit 231;Or it should
There are certain air pressures in second protective cover 25, which is lower than an atmospheric pressure, should when second protective cover 25 is destroyed
Air pressure in second protective cover 25 can appreciate an atmospheric pressure, and baroceptor is very easy to this variation of detection and is therefore not required to
It wants highly accurate baroceptor that can realize highly sensitive detection, cost can also be made to reduce.In certain embodiments,
Second protective cover 25 includes the ontology made of plastics or metal and the frangible layer on the ontology, which is gold
Belong to coating, which is strain gauge.When the strain gauge perceives the coat of metal stress mutation, generate
Alarm signal is simultaneously sent to the controller 277,277 control and protection unit of controller movement protected, such as power-off or
Damage significant data or device.The first sensor can be a variety of of the sensor with second sensor, as long as having one
A sensor detects invasion (or attack), which is protected with regard to control and protection unit movement.
As a kind of implementation of the present embodiment, the first attack detecting unit 231 and/or the second attack detecting unit
233 be conductive gauze.It is preferred that the first attack detecting unit 231 is the first conductive gauze, which is
Second conductive gauze.The first conductive gauze is located on first protective cover 21, which is located at second protection
On cover 25.The reticular density of the second conductive gauze is greater than the first conductive gauze.The first conductive gauze and the second conductive gauze
Respectively between power supply and the controller 277, once the conductor wire in the first conductive gauze and the second conductive gauze is broken
When, which just can not receive electric current or voltage or receives other signals, the controller 277 it is known that in the presence of
Attack.If having electric current or voltage, show not attack, conversely, indicating attack.In order to increase the difficulty of physical attacks, this
The arrangement of the preferably conductive gauze (the first conductive gauze and/or the second conductive gauze) of embodiment be it is irregular, allow attacker to seek
It looks for attacked site there are larger difficulty, improves safety.For further difficult attacker, conductive gauze row thoroughly can not find
The regularity of cloth, the present embodiment preferably this be irregularly randomly generated, i.e., conductive gauze arrangement is random, as long as can produce
With meet detection sensitivity.Further preferably, the data equipment 2 of the present embodiment further includes randomizer, this is random
Number generator connect and (connect with conductive gauze) with the first conductive gauze and/or the second conductive gauze, for generating interference
Electromagnetic wave.The electric signal that the randomizer generates passes through conductive gauze, conductive gauze together with the electric signal that power supply generates
The interference electromagnetic wave of generation just has randomness, the electromagnetism that the frequency and amplitude of the interference electromagnetic wave are preferably generated with controller 277
Wave increases the difficulty cracked in same range.The conductor wire of difficulty in order to further increase, preferably conductive gauze is irregular
Conductor wire, the irregular conductor wire include sectional area length direction be the conductor wire of variation or surface have it is raised or sunken
Conductor wire or at least there are two bending or bending be different conductor wire or at least there are two bending or bending
It is not in the conductor wire of a plane;The variation is random;Alternatively, the raised or sunken shape or arrangement are random
's;Alternatively, the shape or arrangement of the bending or bending are random.The interference electricity that conduction gauze of the embodiment of the present invention generates
Magnetic wave is triple random by randomizer, random arrangement and irregular conductor wire (this is irregularly random) etc.
Effect, has no way of doing it so that attacker attacks or cracks, significantly increases information security.
In order to reduce the data equipment 2 external electromagnetic radiation at work, preferably first protection of the embodiment of the present invention
Cover 21 and/or second protective cover 25 further include electromagnetic absorption layer.The electromagnetic adsorption layer is made of electromagnetic wave adsorption material, can
To be located at the inside or outside of protective cover.
As a kind of implementation of the present embodiment, the preferably protection location is the conduction in second protective cover 25
Liquid discharges structure, when the second attack detecting Unit 233 is attacked or second protective cover 25 is destroyed, the conducting liquid
Discharge structure release conducting liquid.The conducting liquid can flow on the circuit board 273, lead to 273 short circuit of circuit board and stop
Work even damage or the shorted devices on the circuit board 273 and stop working even damage.
Although embodiment is illustrated by the attached drawing limited, the those skilled in the art of the art can be in institute
It states and carries out a variety of amendments and deformation on the basis of recording.For example, the technology of explanation can be according to the sequence for the method for being different from explanation
Execute, and/or explanation system, structure, device, circuit etc. constituent element can according to the method for being different from explanation other
Combination of shape and state or combination can reach result appropriate being substituted or being replaced by other constituent elements or equivalent.Therefore,
Other constituted modes, other embodiments and what is be equal with Patent request range belong to Patent request range.
Claims (10)
1. a kind of protective device of data equipment, which is characterized in that including having the first protective cover of the first opening, for detecting
The first attack detecting unit that whether first protective cover is attacked, in first protective cover with the second opening
Second protective cover, for detecting the second attack detecting unit and adapter whether second protective cover is attacked;Described
Two protective covers are for accommodating the data equipment;The adapter is located at the first opening and the second opening, sets with the data
Standby interface connection;The detection sensitivity of the second attack detecting unit is greater than the first attack detecting unit.
2. the protective device of data equipment according to claim 1, which is characterized in that first protective cover and/or described
Second protective cover includes electromagnetic absorption layer.
3. the protective device of data equipment according to claim 1, which is characterized in that further include secure processing module and with institute
State secure processing module connection for protecting the protection location of the data equipment, the secure processing module respectively with it is described
First attack detecting unit and the connection of the second attack detecting unit, the secure processing module is according to the first attack detecting list
The signal that member and the second attack detecting unit provide generates control signal and is transferred to the protection location.
4. the protective device of data equipment according to claim 3, which is characterized in that the protection location is located at the switching
On device, for disconnecting the connection of the data equipment when detecting attack.
5. the protective device of data equipment according to claim 4, which is characterized in that the protection location be controllable switch or
Person's fuse.
6. the protective device of data equipment according to claim 3, which is characterized in that the protection location is positioned at described the
Conducting liquid in two protective covers discharges structure, and the second attack detecting unit detects attack or second protective cover
When being destroyed, the conducting liquid discharges structure release conducting liquid.
7. the protective device of data equipment according to claim 3, it is characterised in that:
The secure processing module is more than or equal to or is less than or equal to first threshold according to security parameter, locks the data and sets
It is standby;And/or the secure processing module is more than or equal to or is less than or equal to second threshold according to attack parameter, locks the number
According to equipment.
8. the protective device of data equipment according to claim 1, which is characterized in that the first attack detecting unit and/
Or second attack detecting unit be conductive gauze or photoelectric sensor or pressure sensor or temperature sensor or gas
Pressure sensor or strain gauge or vibrating sensor.
9. the protective device of data equipment according to claim 8, which is characterized in that it further include randomizer, it is described
Randomizer is connect with the conductive gauze, for generating interference electromagnetic wave.
10. a kind of data equipment, which is characterized in that the protective device including any one of claim 1 to 9 data equipment.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910075441 | 2019-01-26 | ||
| CN2019100754410 | 2019-01-26 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110084074A true CN110084074A (en) | 2019-08-02 |
| CN110084074B CN110084074B (en) | 2021-06-22 |
Family
ID=67417569
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910355796.5A Active CN110084074B (en) | 2019-01-26 | 2019-04-29 | Protection device and data equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110084074B (en) |
Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102930648A (en) * | 2012-07-03 | 2013-02-13 | 青岛海信智能商用系统有限公司 | Information security protection device |
| CN103413105A (en) * | 2013-07-08 | 2013-11-27 | 北京深思数盾科技有限公司 | Device for protecting shell of information safety device |
| CN205139925U (en) * | 2015-11-10 | 2016-04-06 | 段少银 | Stolen destructors of hard disk of computer |
| CN105913589A (en) * | 2016-01-25 | 2016-08-31 | 殷敏鸿 | Anti-removal type separation detector |
| US20160357946A1 (en) * | 2015-06-04 | 2016-12-08 | Darin Myman | Systems and methods of transforming electronic content |
| US20170094804A1 (en) * | 2015-09-25 | 2017-03-30 | International Business Machines Corporation | Overlapping, discrete tamper-respondent sensors |
| CN106887080A (en) * | 2017-04-10 | 2017-06-23 | 福建强闽信息科技有限公司 | A kind of antiwithdrawal device and its application method based on protenchyma network remote alarming |
| CN206523956U (en) * | 2017-02-20 | 2017-09-26 | 深圳市证通电子股份有限公司 | Paper money supplying module and ATM with intrusion detection feature |
| CN107506656A (en) * | 2017-08-21 | 2017-12-22 | 深圳市四季宏胜科技有限公司 | A kind of WIFI movable storage devices |
| CN107978109A (en) * | 2017-12-18 | 2018-05-01 | 长沙深蓝未来智能技术有限公司 | Drum-type tamper sensor |
| CN207337406U (en) * | 2017-09-04 | 2018-05-08 | 赵科武 | A kind of movable storage device for possessing physics self-destroying function |
| CN207458250U (en) * | 2017-08-23 | 2018-06-05 | 百富计算机技术(深圳)有限公司 | Mainboard safeguard protection formula POS machine |
| CN108667981A (en) * | 2018-04-23 | 2018-10-16 | 佛山市小沙江科技有限公司 | A kind of intelligent terminal protection shell |
| CN108780491A (en) * | 2015-11-03 | 2018-11-09 | Ictk控股有限公司 | Safety device and its operating method |
| CN109033891A (en) * | 2018-06-21 | 2018-12-18 | 北京智芯微电子科技有限公司 | Equipment and its security attack test method for SPI interface chip secure attack test |
| CN109583246A (en) * | 2018-11-06 | 2019-04-05 | 大唐微电子技术有限公司 | A kind of chip makes physical safety detection device and method |
-
2019
- 2019-04-29 CN CN201910355796.5A patent/CN110084074B/en active Active
Patent Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102930648A (en) * | 2012-07-03 | 2013-02-13 | 青岛海信智能商用系统有限公司 | Information security protection device |
| CN103413105A (en) * | 2013-07-08 | 2013-11-27 | 北京深思数盾科技有限公司 | Device for protecting shell of information safety device |
| US20160357946A1 (en) * | 2015-06-04 | 2016-12-08 | Darin Myman | Systems and methods of transforming electronic content |
| US20170094804A1 (en) * | 2015-09-25 | 2017-03-30 | International Business Machines Corporation | Overlapping, discrete tamper-respondent sensors |
| CN108780491A (en) * | 2015-11-03 | 2018-11-09 | Ictk控股有限公司 | Safety device and its operating method |
| CN205139925U (en) * | 2015-11-10 | 2016-04-06 | 段少银 | Stolen destructors of hard disk of computer |
| CN105913589A (en) * | 2016-01-25 | 2016-08-31 | 殷敏鸿 | Anti-removal type separation detector |
| CN206523956U (en) * | 2017-02-20 | 2017-09-26 | 深圳市证通电子股份有限公司 | Paper money supplying module and ATM with intrusion detection feature |
| CN106887080A (en) * | 2017-04-10 | 2017-06-23 | 福建强闽信息科技有限公司 | A kind of antiwithdrawal device and its application method based on protenchyma network remote alarming |
| CN107506656A (en) * | 2017-08-21 | 2017-12-22 | 深圳市四季宏胜科技有限公司 | A kind of WIFI movable storage devices |
| CN207458250U (en) * | 2017-08-23 | 2018-06-05 | 百富计算机技术(深圳)有限公司 | Mainboard safeguard protection formula POS machine |
| CN207337406U (en) * | 2017-09-04 | 2018-05-08 | 赵科武 | A kind of movable storage device for possessing physics self-destroying function |
| CN107978109A (en) * | 2017-12-18 | 2018-05-01 | 长沙深蓝未来智能技术有限公司 | Drum-type tamper sensor |
| CN108667981A (en) * | 2018-04-23 | 2018-10-16 | 佛山市小沙江科技有限公司 | A kind of intelligent terminal protection shell |
| CN109033891A (en) * | 2018-06-21 | 2018-12-18 | 北京智芯微电子科技有限公司 | Equipment and its security attack test method for SPI interface chip secure attack test |
| CN109583246A (en) * | 2018-11-06 | 2019-04-05 | 大唐微电子技术有限公司 | A kind of chip makes physical safety detection device and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110084074B (en) | 2021-06-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US5353350A (en) | Electro-active cradle circuits for the detection of access or penetration | |
| US11704445B2 (en) | Tamper resistant module for industrial control system | |
| US5389738A (en) | Tamperproof arrangement for an integrated circuit device | |
| Weingart | Physical security devices for computer subsystems: A survey of attacks and defenses | |
| US10439998B2 (en) | Autonomous sensor system with intrinsic asymmetric encryption | |
| US20120198242A1 (en) | Data protection when a monitor device fails or is attacked | |
| US20100242115A1 (en) | Security cover | |
| CN105488421B (en) | Battery-free intrusion detection system and method for industrial and metering devices | |
| US20080129501A1 (en) | Secure chassis with integrated tamper detection sensor | |
| US20080134349A1 (en) | Card slot anti-tamper protection system | |
| US20140146485A1 (en) | Technique for intrusion detection | |
| CN105825599B (en) | A kind of multiple-protection system, method and the POS machine of the anti-intrusion of POS machine | |
| CN108810035A (en) | A kind of Network Security Device monitored in real time | |
| Isaacs et al. | Tamper proof, tamper evident encryption technology | |
| US20080192240A1 (en) | Methods and systems for recognizing tamper events | |
| CN107657183A (en) | The data security protection method and device of electronic equipment | |
| CN109522732A (en) | A kind of server of encrypted antitheft | |
| CN110084074A (en) | A kind of protective device and data equipment | |
| CN104408386B (en) | A kind of detaching-proof protection device | |
| CN110096906A (en) | A kind of safety device | |
| CN101246454A (en) | Information storage equipment protecting equipment and production method for the same | |
| CN107133534A (en) | A kind of data protecting device, electronic equipment and data destruction method | |
| CN115413339A (en) | Chip, chip packaging structure and electronic equipment | |
| Zhang et al. | The security protection technology and architectural design of distributed generation scheduling control systems | |
| CN116469838A (en) | Prevent infrared detection chip layout structure |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |