CN110084074B - Protection device and data equipment - Google Patents
- Publication number
- CN110084074B (CN201910355796.5A)
- Authority
- CN
- China
- Prior art keywords
- protection
- detection unit
- attack detection
- attack
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
Abstract
The invention provides a data device and a protection device. The protection device comprises a first protection cover with a first opening, a first attack detection unit for detecting whether the first protection cover is attacked or not, a second protection cover with a second opening positioned in the first protection cover, a second attack detection unit for detecting whether the second protection cover is attacked or not and an adapter; the second protective cover is used for accommodating the data equipment; the adapter is positioned at the first opening and the second opening and is connected with the interface of the data equipment; the detection sensitivity of the second attack detection unit is greater than that of the first attack detection unit. According to the protection device provided by the invention, the first protection cover is arranged on the outer side of the second protection cover for protection, so that double protection is performed, and the safety is improved on the whole.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a protection device and data equipment.
Background
With the rapid development of computer technology, computers have become the main working tool of public institutions, industrial and commercial enterprises, military departments and the like. The spread of computers has driven the rapid growth of the information industry, and with that growth information leakage has become a serious problem, one that particularly troubles financial, security, government, enterprise and other institutions at the core of information security. As technology has advanced, techniques for acquiring data by physical attack and by side channels have appeared; both can recover the computation or data inside a computer or chip from the electromagnetic waves or other electrical characteristics it produces in operation, which poses a great threat to the data security of the computer or chip. In general, physical attacks can be divided into semi-invasive attacks and invasive attacks. A semi-invasive attack acquires side-channel information, such as the power consumption and electromagnetic radiation of hardware (such as a computer or a chip) while it is in use, and steals the hardware's information through data analysis. Semi-invasive attacks are mainly directed at public cryptographic algorithms; for undisclosed cryptographic algorithms, or for obtaining key information such as stored programs, operating data and bus data, invasive attack is always the first choice.
An invasive attack damages the hardware's protective cover (such as a computer or chip casing) by means such as removing the cover, drilling and corrosion, and uses techniques such as photography, Focused Ion Beam (FIB) and microprobing to obtain the hardware layout, modify internal wiring and read stored data. Once a computer or chip has been attacked invasively, an attacker can easily acquire the information inside it. Invasive attack is therefore the most effective and thorough means among existing physical attacks, and it poses a completely new challenge to guaranteeing the information security of a computer or chip.
Disclosure of Invention
In order to solve the technical problem of low security in the prior art, embodiments of the present invention provide a protection device for a data device, and a data device.
The embodiment of the invention provides a protection device of data equipment, which comprises a first protection cover with a first opening, a first attack detection unit for detecting whether the first protection cover is attacked, a second protection cover positioned in the first protection cover and having a second opening, a second attack detection unit for detecting whether the second protection cover is attacked, and an adapter; the second protective cover is used for accommodating the data equipment; the adapter is positioned at the first opening and the second opening and is connected with the interface of the data equipment; the detection sensitivity of the second attack detection unit is greater than that of the first attack detection unit.
Further preferably, the first protective cover and/or the second protective cover include an electromagnetic absorption layer.
Preferably, the data equipment further comprises a security processing module and a protection unit connected with the security processing module and used for protecting the data equipment, the security processing module is respectively connected with the first attack detection unit and the second attack detection unit, and the security processing module generates a control signal according to signals given by the first attack detection unit and the second attack detection unit and transmits the control signal to the protection unit.
Further preferably, the protection unit is located on the adaptor, and is configured to disconnect the data device when an attack is detected.
Further preferably, the protection unit is a controllable switch or a fuse.
Further preferably, the protection unit is a conductive liquid release structure located in the second protection cover, and when the second attack detection unit detects an attack or the second protection cover is damaged, the conductive liquid release structure releases conductive liquid.
Further preferably, the security processing module locks the data device when the security parameter is greater than or equal to, or less than or equal to, a first threshold; and/or the security processing module locks the data device when the attack parameter is greater than or equal to, or less than or equal to, a second threshold.
Further preferably, the first attack detection unit and/or the second attack detection unit is a wire mesh or a photoelectric sensor or a pressure sensor or a temperature sensor or an air pressure sensor or a stress sensor or a vibration sensor.
Further preferably, the protection device further comprises a random number generator, wherein the random number generator is connected with the conductive wire mesh and is used for generating interfering electromagnetic waves.
The embodiment of the invention also provides data equipment, which comprises the protection device of the data equipment.
In the protection device of the data equipment, the first protection cover is arranged on the outer side of the second protection cover for protection. The second attack detection unit, which has the higher detection sensitivity, cannot trigger an alarm signal while the first protection cover is undamaged, which reduces misoperation; at the same time, its higher detection sensitivity ensures a high intrusion detection success rate, so that security is improved on the whole.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below; it is obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
Fig. 1 is a schematic perspective view of a data device protection apparatus according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of an adaptor of the data device protection apparatus according to the embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a data device protection apparatus according to an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a data device according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of a splitting structure of a data device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first", "second" and "third" in this application are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any indication of the number of technical features indicated. It will thus be appreciated that features defined as "first", "second" and "third" may explicitly or implicitly include at least one such feature. For example, a first plane of type may be referred to as a second plane of type, and similarly, a second plane of type may be referred to as a first plane of type, without departing from the scope of the present application. The first plane-like surface and the second plane-like surface are both planar surfaces, but they are not the same plane-like surface. In the description of the present application, "plurality" means at least two, e.g., two, three, etc., unless explicitly specifically limited otherwise. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The core idea of the invention is to adopt multiple protection, take safety and sensitivity into account, and reduce misoperation under the condition of ensuring safety, thereby obtaining higher safety and reducing unnecessary loss at the same time, and being beneficial to popularization and implementation of technology.
Fig. 1 is a schematic perspective view of a data device protection apparatus according to an embodiment of the present invention. Fig. 2 is a schematic structural diagram of an adaptor of the data device protection apparatus according to the embodiment of the present invention. Fig. 3 is a schematic structural diagram of a data device protection apparatus according to an embodiment of the present invention. Referring to fig. 1 to fig. 3, a protection apparatus 1 of a data device according to an embodiment of the present invention includes a first protection cover 17 having a first opening 171, a first attack detection unit 151 for detecting whether the first protection cover 17 is attacked, a second protection cover 19 located in the first protection cover 17 and having a second opening 191, a second attack detection unit 153 for detecting whether the second protection cover 19 is attacked, and an adaptor 13. Preferably, the first attack detection unit 151 is located between the first protective cover 17 and the second protective cover 19 or on the outside of the second protective cover 19 or on the inside of the first protective cover 17, and the second attack detection unit 153 is located inside the second protective cover 19. The second protective cover 19 is used for accommodating the data device (not shown in the figure), which may be a processor, a display module, a data sending or receiving module, or the like. The adaptor 13 is located at the first opening 171 and the second opening 191, is connected to an interface of the data device, and adapts the data device to the outside so that its data can be used. The first opening 171 and the second opening 191 are in sealing fit with the adaptor 13, so that an attacker cannot use the joints between the three as a point of attack. The detection sensitivity of the second attack detection unit 153 is higher than that of the first attack detection unit 151. 
The attack detection capability of the first detection unit 151 is equal to or greater than zero. The protection device wraps the data equipment layer by layer with two protective covers, forming double protection. The second attack detection unit 153, which has the high detection sensitivity, sits beneath the first protection cover 17, where changes in the external environment have essentially no effect on it, so in the normal state there is essentially no possibility of erroneous operation. Under attack, even if the first protective cover 17 is broken, the attacker still cannot obtain the required key information and must also break the second protective cover 19 to reach it; because the second attack detection unit 153 has higher detection sensitivity than the first attack detection unit 151, a physical attack at this stage triggers the second attack detection unit 153 to generate an alarm signal, and the data device is protected. Of course, in general, the first attack detection unit 151 already sends out an alarm signal when an attacker attacks the first protection cover 17. The second attack detection unit 153 with its higher detection sensitivity and the second protective cover 19 thus serve as the last line of defence and raise the success rate of intrusion detection (or physical attack detection or damage detection). Because the first protective cover 17 is arranged on the outer side of the second protective cover 19, the second attack detection unit 153 cannot trigger an alarm signal while the first protective cover 17 is undamaged, which reduces misoperation while keeping the intrusion detection success rate high, and the security of the protection device is improved on the whole.
In some embodiments, the second protective cover may be a laminated structure or a film structure, in which case the second protective cover may be adhered to the inner surface of the first protective cover or the second protective cover may be adjacent to the inner surface of the first protective cover.
The first protective cover 17 is made of hard plastic or metal, and the second protective cover 19 is made of fragile material. In some embodiments, the second protective cover 19 includes a body made of plastic or metal and a frangible layer on the body. The frangible layer is preferably a metal coating, although other coatings or films are possible. The brittle layer or material of this embodiment means that the strength of the layer or material is less than 1 KPa. At least one of the first protective covering 17 and the second protective covering 19 is opaque so that an attacker cannot easily know the internal structure by the naked eye or by other means.
The protection device of the data device of the embodiment further includes a security processing module 155, and the security processing module 155 is located in the first protection cover 17. The security processing module 155 can be located between the first protective cover 17 and the second protective cover 19, or can be located within the second protective cover 19. The latter embodiment is preferred to ensure that the security processing module 155 is not easily broken by an attacker.
The protection apparatus of the data device of this embodiment further includes a protection unit 131 connected to the security processing module 155 for protecting the data device. The security processing module 155 is connected to the first attack detection unit 151 and to the second attack detection unit 153; it generates a control signal according to the signals from the first attack detection unit 151 and the second attack detection unit 153 and transmits the control signal to the protection unit 131. Preferably, the protection unit 131 is located on the adaptor 13 and disconnects the data device when an attack is detected (by the first attack detection unit 151 and/or the second attack detection unit 153); of course, in other embodiments, the protection unit 131 may be a destructive protection device that destroys a core device (e.g., a cryptographic chip, a CPU, etc.) so that an attacker cannot obtain valuable information. The protection unit 131 is a controllable switch or a fuse. The protection unit 131 acts according to the indication or control signal given by the security processing module 155, for example by disconnecting the power on the adaptor 13 so that the data device stops operating. The controllable switch can be a triode, a MOS transistor, an IGBT, a relay or the like. The fuse may be a fuse wire or another fusible substance; when an attack is detected, the security processing module 155 outputs a large current to the protection unit 131 (i.e., the fuse), and the protection unit 131 blows, so that the data device does not operate.
In order to further improve the security performance, the present embodiment preferably sets a security parameter and an attack parameter in the protection device of the data device. The security parameter is set at the factory or by an authority and protects the data equipment while the protection device is in transport. The security processing module 155 locks the protection device when the security parameter is greater than or equal to or less than the first threshold; the data device inside cannot then work, which ensures security during transport. The attack parameter is derived by the security processing module 155 from the attacks the protection device has experienced; if the attack parameter is greater than or equal to or less than the second threshold, the security processing module 155 locks the protection device, after which the data device inside cannot work, so that the protection device is protected against endless attack. Once locked, the protection device must be unlocked by an authority or a company, which completes the unlocking by resetting the security parameter and/or the attack parameter to a value meeting the requirement.
As an implementation manner of this embodiment, the first attack detection unit 151 and/or the second attack detection unit 153 are a first sensor and a second sensor, respectively, and the first sensor and the second sensor are connected to the security processing module 155, respectively. The first sensor may be a photosensor, a pressure sensor, a temperature sensor, an air pressure sensor, a vibration sensor, or a stress sensor. The second sensor may also be a photo sensor, a pressure sensor, a temperature sensor, a barometric pressure sensor, a vibration sensor or a stress sensor. For example, the first sensor is a photoelectric sensor, which is located between the first protective cover 17 and the second protective cover 19 or on the outer side of the second protective cover 19 or on the inner side of the first protective cover 17, when the first protective cover 17 is damaged by physical attack, light enters between the first protective cover 17 and the second protective cover 19, then the photoelectric sensor generates a signal, which is called an alarm signal, and transmits the alarm signal to the security processing module 155, and the security processing module 155 controls the protective unit 131 to perform protection, such as power off. The second protecting cover 19 can be made of fragile paper, the second sensor is an air pressure sensor, when the second protecting cover 19 is damaged, the second sensor senses the change of air pressure to generate an alarm signal, the alarm signal is transmitted to the safety processing module 155, and the safety processing module 155 controls the protecting unit 131 to perform protection, such as power off. 
The sensitivity of the air pressure sensor is higher than that of the photoelectric sensor, and therefore, the detection sensitivity of the second attack detection unit 153 is higher than that of the first attack detection unit 151; or a certain air pressure exists in the second protective cover 19, the air pressure is lower than one atmospheric pressure, when the second protective cover 19 is damaged, the air pressure in the second protective cover 19 rises to one atmospheric pressure, and the air pressure sensor can very easily detect the change, so that high-sensitivity detection can be realized without a high-precision air pressure sensor, and the cost can be reduced. In some embodiments, the second protective cover 19 comprises a body made of plastic or metal and a frangible layer on the body, the frangible layer being a metal plating, the second sensor being a stress sensor. When the stress sensor senses the sudden change of the stress of the metal coating, an alarm signal is generated and sent to the safety processing module 155, and the safety processing module 155 controls the protection unit 131 to perform protection, such as power off.
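The decision logic described above for the security processing module 155 (alarm, protection unit, attack parameter, lock and unlock) together with the sub-atmospheric pressure check on the second protective cover, sketched in C as an added example that is not code from the patent. Every identifier and numeric value, the debounce count, the reading of the attack parameter as a count of alarm events and the choice of "greater than or equal to" for both thresholds are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Every number here is constructed for illustration; the patent gives none. */
#define AMBIENT_PA   101325                          /* one atmosphere */
#define SEALED_PA     60000                          /* assumed pressure inside cover 19 */
#define BREACH_PA    ((AMBIENT_PA + SEALED_PA) / 2)  /* alarm level, midway between */
#define BREACH_SAMPLES           3  /* consecutive readings needed (assumed debounce) */
#define SECURITY_LOCK_THRESHOLD  1  /* "first threshold" (assumed value and direction) */
#define ATTACK_LOCK_THRESHOLD    3  /* "second threshold" (assumed value and direction) */

typedef enum { ACT_NONE, ACT_DISCONNECT, ACT_LOCK } action_t;

typedef struct {
    unsigned security_param; /* set at the factory or by the authority for transport */
    unsigned attack_param;   /* assumed to count distinct alarm events */
    int      over_count;     /* consecutive pressure readings at or above BREACH_PA */
    bool     in_attack;      /* an alarm was asserted on the previous step */
    bool     connected;      /* protection unit 131: adaptor passes power and data */
} spm_t;

void spm_init(spm_t *s, unsigned security_param)
{
    s->security_param = security_param;
    s->attack_param = 0;
    s->over_count = 0;
    s->in_attack = false;
    s->connected = false;    /* stays open until the first clean step */
}

/* The lock is a pure function of the two parameters, so resetting them is the
 * unlock, as in the description. */
bool spm_locked(const spm_t *s)
{
    return s->security_param >= SECURITY_LOCK_THRESHOLD ||
           s->attack_param   >= ATTACK_LOCK_THRESHOLD;
}

/* Second attack detection unit as a pressure sensor. The gap between SEALED_PA
 * and AMBIENT_PA is about 41 kPa, so a sensor that is several kPa off still
 * separates "sealed" from "breached". */
bool inner_alarm_from_pressure(spm_t *s, int32_t reading_pa)
{
    if (reading_pa >= BREACH_PA) {
        if (s->over_count < BREACH_SAMPLES)
            s->over_count++;
    } else {
        s->over_count = 0;   /* a lone glitch does not accumulate */
    }
    return s->over_count >= BREACH_SAMPLES;
}

/* One polling step of the security processing module. */
action_t spm_step(spm_t *s, bool outer_alarm, int32_t inner_pressure_pa)
{
    bool alarm = inner_alarm_from_pressure(s, inner_pressure_pa) || outer_alarm;

    /* Count each alarm once, on its rising edge, and saturate at the threshold
     * so the counter can never wrap back below it. */
    if (alarm && !s->in_attack && s->attack_param < ATTACK_LOCK_THRESHOLD)
        s->attack_param++;
    s->in_attack = alarm;

    if (spm_locked(s)) { s->connected = false; return ACT_LOCK; }
    if (alarm)         { s->connected = false; return ACT_DISCONNECT; }
    s->connected = true;
    return ACT_NONE;
}

/* Unlock by the authority. How the authority is authenticated is outside the
 * patent text; authority_verified stands in for that check. Refusing while an
 * alarm is still asserted is an added precaution. */
bool spm_authority_reset(spm_t *s, bool authority_verified)
{
    if (!authority_verified || s->in_attack)
        return false;
    s->security_param = 0;
    s->attack_param = 0;
    return true;
}

int main(void)
{
    /* Constructed trace: noisy sealed readings, one glitch, then a real breach. */
    const int32_t trace[] = { 58000, 63500, 101000, 60000, 101300, 101300, 101300 };
    static const char *names[] = { "none", "disconnect", "lock" };
    spm_t s;
    spm_init(&s, 0);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        action_t a = spm_step(&s, false, trace[i]);
        printf("%6ld Pa -> %-10s attack_param=%u\n",
               (long)trace[i], names[a], s.attack_param);
    }
    return 0;
}
```

A controllable-switch protection unit is assumed here, so the adaptor reconnects when an alarm clears and the lock has not been reached; with the fuse variant the disconnect would be permanent.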
As an implementation manner of this embodiment, the first attack detection unit and/or the second attack detection unit is a conductive wire mesh. Preferably, the first attack detection unit is a first wire mesh and the second attack detection unit is a second wire mesh. The first wire mesh is located on the first protective cover 17 and the second wire mesh is located on the second protective cover 19. The second wire mesh has a greater mesh density than the first wire mesh. The first and second wire meshes are each connected between the power source and the security processing module 155; once conductive wires in the first or second wire mesh are broken, the security processing module 155 no longer receives the current, voltage or other signal, and so knows that there is an attack. If the current or voltage is present there is no attack; otherwise there is an attack. The security processing module 155 can also use other methods to determine through the first and second wire meshes whether an attack is under way. To increase the difficulty of physical attack, the arrangement of the conductive wire meshes (the first and/or the second) is preferably irregular, so that it is difficult for an attacker to find a point of attack, which improves security. To make it harder still for an attacker to work out the pattern of the arrangement, the irregularity is preferably randomly generated; that is, the arrangement of the conductive wire mesh is random, provided that it can be manufactured and meets the required detection sensitivity. Further preferably, the protection device for data equipment of this embodiment further comprises a random number generator connected to the first wire mesh and/or the second wire mesh (i.e. connected to the conductive wire mesh) for generating interfering electromagnetic waves. 
The electrical signal generated by the random number generator and the electrical signal generated by the power supply both pass through the conductive wire mesh, so the interfering electromagnetic waves the mesh emits are random; their frequency and amplitude are preferably in the same range as those of the electromagnetic waves generated by the security processing module 155 and the data equipment, which increases the difficulty of cracking. To increase the difficulty further, the conductive wires of the mesh are preferably irregular conductive wires, which include wires whose cross-sectional area varies along their length, wires with protrusions or recesses on their surfaces, or wires with at least two bends or curves that differ from each other; the variation is random; alternatively, the shape or arrangement of the protrusions or recesses is random; alternatively, the shape or arrangement of the bends or curves is random. The interfering electromagnetic waves generated by the conductive wire mesh in the embodiment of the invention are thus subject to three sources of randomness (the random number generator, the random arrangement, and the irregular conductive wires, whose irregularity is itself random), which makes them difficult for an attacker to attack or crack and greatly improves information security.
The adaptor 13 includes a first end 133 and a second end 135, the second end 135 is connected to an interface of the data device, and the first end 133 is used for external connection, so that the external device can use or supply power to the data device.
In order to facilitate the use of the protection device 1 for a data device according to an embodiment of the present invention, the protection device 1 for a data device includes an upper cover 11 and a lower cover 15 that can be opened, and the adaptor 13 is located on the lower cover. To use the protection device 1, the upper cover and the lower cover are opened, the data equipment is placed in the lower cover 15, the second end 135 of the adaptor 13 is inserted into the interface of the data equipment, and the upper cover 11 is closed onto the lower cover. Once the upper and lower covers are closed, the protection device 1 cannot be opened again except by force, which ensures the safety of the data equipment.
Fig. 4 is a schematic structural diagram of a data device according to an embodiment of the present invention. Fig. 5 is a schematic diagram of a splitting structure of a data device according to an embodiment of the present invention. Referring to fig. 4 and 5, the data device 2 according to the embodiment of the present invention includes a circuit board 273, interfaces (276, 278) for external connection, a controller 277, and an FPGA (field programmable gate array) 275, where the interfaces (276, 278), the controller 277, and the FPGA275 are respectively connected to the circuit board 273, and preferably, the controller 277 is connected to the circuit board 273 through a flexible circuit board 279 in the embodiment. In this embodiment, the interfaces (276, 278) include a first interface 276 and a second interface 278, although in other embodiments, the first interface 276 and the second interface 278 may be integrated into one interface. The data device 2 further comprises a first protective cover 21 having a first opening (not shown in the figure), a first attack detection unit 231 for detecting whether the first protective cover 21 is attacked, a second protective cover 25 located within the first protective cover 21 having a second opening (not shown in the figure), and a second attack detection unit 233 for detecting whether the second protective cover 25 is attacked. The first attack detection unit 231 may be located on the first protection cover 21, on the outer surface of the second protection cover 25, or between the first protection cover 21 and the second protection cover 25. The second attack detection unit 233 may be located on the second protection cover 25, or may be located in the second protection cover 25. The attack detection capability of the first detection unit 151 is equal to or greater than zero. The second protective cover 25 is used to house the circuit board 273, controller 277 and FPGA 275. 
The interfaces (276, 278) are arranged at the first opening and the second opening for connecting external equipment, and the first opening and the second opening are in sealing fit with the interfaces (276, 278) so that they cannot be used by an attacker as a point of attack. The outermost sides of the interfaces (276, 278) are flush with the first protective cover 21, which prevents the interfaces (276, 278) from being attacked or probed and ensures the safety of the connection. Further, the outermost sides of the interfaces (276, 278) are preferably located inside the first opening, so that the external connection lines all lie within the protective range of the first protective cover 21, further increasing the safety of the connection. The second attack detection unit 233 has a detection sensitivity greater than that of the first attack detection unit 231. The detection sensitivity in this embodiment refers to how strongly the first attack detection unit 231 or the second attack detection unit 233 is able to sense intrusion (or attack or destruction). The data device 2 of the present embodiment has the first protection cover 21 and the second protection cover 25; when the data device 2 is physically attacked, the first attack detection unit 231 detects the attack and generates an alarm signal, which can stop the attack. Because the detection sensitivity of the first attack detection unit 231 is low, a skilled attacker may break the first protection cover 21 without being detected by the first attack detection unit 231; even then, the second protection cover 25 still stands between the attacker and what the attacker is after, and the attack has to continue. When the attacker attacks the second protection cover 25, the second attack detection unit 233 detects the attack and generates an alarm signal, thereby stopping the attack. 
Because the detection sensitivity of the second attack detection unit 233 is high, the attack detection success rate is greatly improved, and the security of the data device 2 of the embodiment of the present invention is ensured. Combining protective covers of high and low detection sensitivity reduces misoperation while still guaranteeing a high attack detection success rate, so the security of the data device of the embodiment of the invention is improved as a whole. To facilitate assembly and production, the protective cover of the embodiment of the invention comprises an upper shell 3 and a lower shell 4: parts such as the circuit board 273 are placed in the lower shell 4, and the upper shell 3 is then fitted over it and fixed, which completes the assembly. The upper shell 3 includes an upper protective cover 31 of the first protective cover 21 and an upper protective cover 33 of the second protective cover 25, and the lower shell 4 includes a lower protective cover 41 of the first protective cover 21 and a lower protective cover 43 of the second protective cover 25. More preferably, the first protective cover 21 is made of hard plastic or metal, and the second protective cover 25 is made of a brittle material; alternatively, the second protective cover 25 comprises a body made of plastic or metal and a frangible layer on the body. A brittle layer or material in this embodiment means a layer or material whose strength is less than 1 kPa. At least one of the first protective cover 21 and the second protective cover 25 is opaque, so that an attacker cannot easily learn the internal structure by the naked eye or other means.
To improve security, the distance between the first protective cover 21 and the second protective cover 25 is preferably less than 5 mm, so that an attacker who breaks the first protective cover will inevitably damage the second protective cover as well, which gives stronger protection. To protect the circuit board 273, the present embodiment preferably fixes the circuit board 273 inside the lower protective cover 43 by means of the elastic support 271.
More preferably, the data device 2 further includes a protection unit (not shown in the figure) connected to the controller 277. The controller 277 is connected to the first attack detection unit 231 and to the second attack detection unit 233; it generates a control signal according to the signals given by the first attack detection unit 231 and the second attack detection unit 233 and transmits the control signal to the protection unit. Preferably, the protection unit is located on the interfaces (276, 278) and disconnects the data device 2 when an attack is detected (that is, when the first attack detection unit 231 or the second attack detection unit 233 detects the attack). The protection unit is a controllable switch or a fuse. The controllable switch may be a triode, a MOS transistor, an IGBT, a relay or the like. The fuse is a fuse or other fusible material; when an attack is detected, the controller 277 outputs a large current to the fuse, which blows, so that some or all of the devices on the circuit board 273 stop operating.
To further improve security, the present embodiment preferably sets a security parameter and an attack parameter for the data device 2. The security parameter is set at the factory or by an authority and protects the data device 2 during transportation. The controller 277 locks the data device 2 when the security parameter is greater than or equal to, or less than, the first threshold; the data device 2 then cannot work, which ensures security during transportation. The attack parameter is obtained by the controller 277 from the attacks the data device 2 has suffered. If the attack parameter is greater than or equal to, or less than, the second threshold, the controller 277 locks the data device 2; once locked, the data device 2 cannot work, which ensures that the data device 2 cannot be attacked endlessly. A locked data device 2 has to be unlocked by an authority or a company, which resets the security parameter and/or the attack parameter to a value that meets the requirement to complete the unlocking.
As one implementation of the embodiment, the first attack detection unit 231 and/or the second attack detection unit 233 are a first sensor and a second sensor, respectively, each connected to the controller 277. The first sensor may be a photoelectric sensor, a pressure sensor, a temperature sensor, an air pressure sensor, a vibration sensor, or a stress sensor. The second sensor may likewise be a photoelectric sensor, a pressure sensor, a temperature sensor, an air pressure sensor, a vibration sensor or a stress sensor. For example, the first sensor is a photoelectric sensor located between the first protective cover 21 and the second protective cover 25, on the outer side of the second protective cover 25, or on the inner side of the first protective cover 21. When the first protective cover 21 is damaged by a physical attack, light enters the space between the first protective cover 21 and the second protective cover 25, and the photoelectric sensor generates a signal, called an alarm signal, and transmits it to the controller 277; the controller 277 then controls the protection unit to act, for example by cutting power or destroying important data or devices. The second protective cover 25 may be made of a fragile paper and the second sensor may be an air pressure sensor: when the second protective cover 25 is broken, the second sensor senses the change in air pressure, generates an alarm signal, and transmits it to the controller 277, and the controller 277 controls the protection unit to act, for example by cutting power or destroying important data or devices.
Since the sensitivity of the air pressure sensor is higher than that of the photoelectric sensor, the detection sensitivity of the second attack detection unit 233 is higher than that of the first attack detection unit 231. Alternatively, the interior of the second protective cover 25 is held at an air pressure lower than one atmosphere; when the second protective cover 25 is damaged, the air pressure inside it rises to one atmosphere, a change the air pressure sensor can easily detect, so high-sensitivity detection is achieved without a high-precision air pressure sensor and the cost is reduced. In some embodiments, the second protective cover 25 comprises a body made of plastic or metal and a frangible layer on the body, the frangible layer being a metal plating and the second sensor being a stress sensor. When the stress sensor senses a sudden change in the stress of the metal plating, it generates an alarm signal and sends it to the controller 277, and the controller 277 controls the protection unit to act, for example by cutting power or destroying important data or devices. The first sensor and the second sensor may each be any of various sensors, and the controller 277 makes the protection unit act whenever one sensor detects an intrusion (or an attack).
As one implementation of the present embodiment, the first attack detection unit 231 and/or the second attack detection unit 233 is a conductive wire net. Preferably, the first attack detection unit 231 is a first conductive wire net and the second attack detection unit 233 is a second conductive wire net. The first conductive wire net is located on the first protective cover 21, and the second conductive wire net is located on the second protective cover 25. The second conductive wire net has a greater mesh density than the first conductive wire net. The first and second conductive wire nets are each connected between the power source and the controller 277; once a conductive wire in the first or second conductive wire net is broken, the controller 277 no longer receives the current, voltage or other signal, and thereby knows that there is an attack. If the current or voltage is present, there is no attack; otherwise there is an attack. To increase the difficulty of a physical attack, the conductive wire nets (the first conductive wire net and/or the second conductive wire net) in this embodiment are preferably laid out irregularly, so that it is difficult for an attacker to find a point of attack, which improves security. To make it still harder for an attacker to work out the layout of the conductive wire net completely, the irregularity is preferably randomly generated; that is, the layout of the conductive wire net is random, provided it can be manufactured and meets the required detection sensitivity. More preferably, the data device 2 of the present embodiment further comprises a random number generator connected to the first conductive wire net and/or the second conductive wire net (i.e. connected to the conductive wire net) for generating interfering electromagnetic waves.
The electric signal generated by the random number generator and the electric signal generated by the power supply both pass through the conductive wire net, so the interfering electromagnetic waves generated by the conductive wire net are random; their frequency and amplitude are preferably in the same range as those of the electromagnetic waves generated by the controller 277, which makes cracking more difficult. To increase the difficulty further, the conductive wires of the conductive wire net are preferably irregular conductive wires, which include conductive wires whose cross-sectional area varies along the length direction, conductive wires with protrusions or recesses on the surface, or conductive wires with at least two mutually different bends or curves; the variation is random; alternatively, the shape or arrangement of the protrusions or recesses is random; alternatively, the shape or arrangement of the bends or curves is random. The interfering electromagnetic waves generated by the conductive wire net in the embodiment of the invention are thus subject to three sources of randomness: the random number generator, the random layout, and the irregular conductive wires (whose irregularity is itself random). This makes it difficult for an attacker to attack or crack them, and information security is greatly improved.
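The controller behaviour described in the preceding paragraphs (an alarm from either detection unit, a protection unit on the interface, an attack parameter compared against the second threshold, and unlocking by an authority) is sketched below in C as an added example that is not part of the patent. The pressure limit, the threshold of 3, the reading of the attack parameter as a count that locks at or above the threshold, and all identifiers are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed values for illustration; none of these numbers come from the patent. */
#define INNER_PRESSURE_LIMIT_KPA 80.0 /* inner cover assumed sealed at about 60 kPa */
#define ATTACK_LOCK_THRESHOLD    3u   /* "second threshold" for the attack parameter */

enum { ALARM_NONE = 0, ALARM_OUTER = 1, ALARM_INNER = 2 };

typedef struct {
    bool outer_mesh_ok;    /* current/voltage still present on the first conductive wire net */
    bool inner_mesh_ok;    /* current/voltage still present on the second conductive wire net */
    bool outer_light_seen; /* photoelectric sensor between the two covers */
    double inner_kpa;      /* air pressure inside the second cover */
} sensor_sample;

typedef struct {
    unsigned attack_param;    /* number of distinct alarm events seen so far */
    int prev_mask;            /* alarm mask of the previous sample, for edge detection */
    bool interface_connected; /* protection unit: controllable switch on the interface */
    bool locked;              /* stays set until an authority resets the parameter */
} controller_state;

/* Map one sample to an alarm mask; a cut mesh wire appears as loss of signal. */
int evaluate_alarms(const sensor_sample *s)
{
    int mask = ALARM_NONE;
    if (!s->outer_mesh_ok || s->outer_light_seen)
        mask |= ALARM_OUTER;
    /* A breach lets the pressure rise toward 1 atm, so a coarse sensor suffices. */
    if (!s->inner_mesh_ok || s->inner_kpa > INNER_PRESSURE_LIMIT_KPA)
        mask |= ALARM_INNER;
    return mask;
}

void controller_init(controller_state *c) { *c = (controller_state){ 0u, ALARM_NONE, true, false }; }

/* One cycle: any alarm opens the switch; each newly raised alarm bit counts as an attack. */
int controller_step(controller_state *c, const sensor_sample *s)
{
    int mask = evaluate_alarms(s);
    if ((mask & ~c->prev_mask) && c->attack_param < ATTACK_LOCK_THRESHOLD)
        c->attack_param++;
    if (c->attack_param >= ATTACK_LOCK_THRESHOLD)
        c->locked = true;
    c->prev_mask = mask;
    /* Assumption: the switch recloses when alarms clear, unless the device is locked. */
    c->interface_connected = (mask == ALARM_NONE) && !c->locked;
    return mask;
}

/* Authority-side reset, refused while an alarm is active; authentication is not modelled. */
bool authority_unlock(controller_state *c, unsigned new_attack_param)
{
    if (new_attack_param >= ATTACK_LOCK_THRESHOLD || c->prev_mask != ALARM_NONE)
        return false;
    c->attack_param = new_attack_param;
    c->locked = false;
    c->interface_connected = true;
    return true;
}

int main(void)
{
    /* Constructed trace: quiet, light leak, quiet, outer mesh cut, inner breach. */
    const sensor_sample trace[] = {
        { true, true, false, 60.0 }, { true, true, true, 60.0 },
        { true, true, false, 60.0 }, { false, true, false, 60.0 },
        { false, true, false, 101.3 },
    };
    controller_state c;
    controller_init(&c);
    for (unsigned i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        int mask = controller_step(&c, &trace[i]);
        printf("t=%u alarm=%d attacks=%u connected=%d locked=%d\n",
               i, mask, c.attack_param, c.interface_connected, c.locked);
    }
    return 0;
}
```

Counting newly raised alarm bits rather than alarm samples means a mesh that stays cut is counted once, while a later breach of the inner cover during the same episode still counts as a separate attack.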
In order to reduce the electromagnetic radiation to the outside of the data device 2 during operation, the first protective cover 21 and/or the second protective cover 25 preferably further comprise an electromagnetic absorbing layer according to an embodiment of the present invention. The electromagnetic absorption layer is made of electromagnetic wave absorption materials and can be positioned on the inner side or the outer side of the protective cover.
As one implementation of this embodiment, the protection unit is preferably a conductive liquid release structure located inside the second protective cover 25, which releases conductive liquid when the second attack detection unit 233 is attacked or the second protective cover 25 is damaged. The conductive liquid can flow onto the circuit board 273, short-circuiting the circuit board 273 or the devices on it so that they stop operating or are even destroyed.
Although the embodiments have been described with reference to the accompanying drawings, it is to be understood that various changes and modifications may be effected therein by one of ordinary skill in the art in light of the above teachings. For example, the described techniques may be performed in an order different from that described, and/or the components of the described systems, structures, devices, circuits, etc. may be combined in a manner different from that described, or may be replaced or substituted with other components or equivalents, to achieve suitable results. Therefore, other configurations, other embodiments, and equivalents to the claims are intended to fall within the claims.
Claims (9)
1. A protection device of a data device is characterized by comprising a first protection cover with a first opening, a first attack detection unit for detecting whether the first protection cover is attacked or not, a second protection cover with a second opening positioned in the first protection cover, a second attack detection unit for detecting whether the second protection cover is attacked or not and an adapter; the second protective cover is used for accommodating the data equipment; the adapter is positioned at the first opening and the second opening and is connected with the interface of the data equipment; the detection sensitivity of the second attack detection unit is greater than that of the first attack detection unit; the electromagnetic interference detection device comprises a first attack detection unit, a second attack detection unit and a random number generator, wherein the first attack detection unit and/or the second attack detection unit are/is a conductive wire net, and the random number generator is connected with the conductive wire net and used for generating interference electromagnetic waves.
2. The data device protection arrangement of claim 1, wherein the first protective cover and/or the second protective cover comprises an electromagnetic absorbing layer.
3. The protection device of the data device according to claim 1, further comprising a security processing module and a protection unit connected to the security processing module for protecting the data device, wherein the security processing module is connected to the first attack detection unit and the second attack detection unit, respectively, and the security processing module generates a control signal according to signals from the first attack detection unit and the second attack detection unit and transmits the control signal to the protection unit.
4. A protection arrangement for a data device according to claim 3, wherein the protection unit is located on the adaptor for disconnecting the data device upon detection of an attack.
5. A protection arrangement for a data device according to claim 4, characterized in that the protection unit is a controllable switch or a fuse.
6. The data device protection device of claim 3, wherein the protection unit is a conductive liquid release structure located inside the second protective cover, and the conductive liquid release structure releases conductive liquid when the second attack detection unit detects an attack or the second protective cover is damaged.
7. A protection device for a data apparatus according to claim 3, characterized in that:
the safety processing module locks the data equipment according to the safety parameter being greater than or equal to or less than or equal to a first threshold value; and/or the safety processing module locks the data equipment according to the attack parameter which is greater than or equal to or less than or equal to a second threshold value.
8. The protection device of claim 1, wherein the first attack detection unit or the second attack detection unit is a photoelectric sensor or a pressure sensor or a temperature sensor or an air pressure sensor or a stress sensor or a vibration sensor.
9. A data device comprising a protection device for a data device according to any one of claims 1 to 8.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910075441 | 2019-01-26 | ||
CN2019100754410 | 2019-01-26 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110084074A (en) | 2019-08-02 |
CN110084074B (en) | 2021-06-22 |
Family
ID=67417569
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910355796.5A Active CN110084074B (en) | 2019-01-26 | 2019-04-29 | Protection device and data equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110084074B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102930648A (en) * | 2012-07-03 | 2013-02-13 | 青岛海信智能商用系统有限公司 | Information security protection device |
CN103413105A (en) * | 2013-07-08 | 2013-11-27 | 北京深思数盾科技有限公司 | Device for protecting shell of information safety device |
CN105913589A (en) * | 2016-01-25 | 2016-08-31 | 殷敏鸿 | Anti-removal type separation detector |
CN106887080A (en) * | 2017-04-10 | 2017-06-23 | 福建强闽信息科技有限公司 | A kind of antiwithdrawal device and its application method based on protenchyma network remote alarming |
CN206523956U (en) * | 2017-02-20 | 2017-09-26 | 深圳市证通电子股份有限公司 | Paper money supplying module and ATM with intrusion detection feature |
CN107978109A (en) * | 2017-12-18 | 2018-05-01 | 长沙深蓝未来智能技术有限公司 | Drum-type tamper sensor |
CN109033891A (en) * | 2018-06-21 | 2018-12-18 | 北京智芯微电子科技有限公司 | Equipment and its security attack test method for SPI interface chip secure attack test |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10387674B2 (en) * | 2015-06-04 | 2019-08-20 | Datchat, Inc. | Systems and methods of transforming electronic content |
US9911012B2 (en) * | 2015-09-25 | 2018-03-06 | International Business Machines Corporation | Overlapping, discrete tamper-respondent sensors |
KR101922931B1 (en) * | 2015-11-03 | 2018-11-28 | 주식회사 아이씨티케이 홀딩스 | Security apparatus and operating method thereof |
CN205139925U (en) * | 2015-11-10 | 2016-04-06 | 段少银 | Stolen destructors of hard disk of computer |
CN107506656A (en) * | 2017-08-21 | 2017-12-22 | 深圳市四季宏胜科技有限公司 | A kind of WIFI movable storage devices |
CN207458250U (en) * | 2017-08-23 | 2018-06-05 | 百富计算机技术(深圳)有限公司 | Mainboard safeguard protection formula POS machine |
CN207337406U (en) * | 2017-09-04 | 2018-05-08 | 赵科武 | A kind of movable storage device for possessing physics self-destroying function |
CN108667981B (en) * | 2018-04-23 | 2020-10-16 | 管玲飞 | Intelligent terminal protective housing |
CN109583246B (en) * | 2018-11-06 | 2020-10-20 | 大唐微电子技术有限公司 | Chip physical security detection device and method |
Also Published As
Publication number | Publication date |
---|---|
CN110084074A (en) | 2019-08-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||