CN111885178A - External terminal protection equipment and protection system including voice information verification - Google Patents

Publication number
CN111885178A
Authority
CN
China
Prior art keywords
external
voice information
equipment
file
external terminal
Legal status
Pending
Application number
CN202010736004.1A
Other languages
Chinese (zh)
Inventor
褚峨维
张昊
李学明
Current Assignee
Beijing Zhongke Qilin Information Engineering Co Ltd
Original Assignee
Beijing Zhongke Qilin Information Engineering Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)

Abstract

An external terminal protection device and a protection system including voice information verification are provided. The external terminal protection device includes: external interfaces for connecting one or more external devices and a protected device, respectively; a voice information acquisition module for acquiring voice information of a user in real time; a file monitoring module, connected to the voice information acquisition module, for verifying the voice information and for controlling the security authentication of external devices accessed through the external interfaces; and a file transmission module, connected to the file monitoring module, for transmitting file data imported from the external device to the protected device under the control of the file monitoring module. The invention protects the protected device without installing security protection software on it, and determines the usage permission of the current operator by voiceprint verification, thereby greatly reducing the security risk of the system.

Description

External terminal protection equipment and protection system including voice information verification
Technical Field
The invention belongs to the technical field of computer security, and particularly relates to an external terminal protection device and a protection system including voice information verification.
Background
In recent years, computer and information technology has developed rapidly and greatly promoted the spread of networks. While people increasingly enjoy the convenience this brings, it also brings new threats to the security of data in the computers people use in production and daily life, such as unauthorized access, impersonation of legitimate users, destruction of data integrity, interference with the normal operation of systems, spreading of viruses over networks, and man-in-the-middle interception.
Many technical means exist for addressing intranet security; for example, network security products such as firewalls, antivirus systems and intrusion detection systems are installed and used on hosts, yet network security incidents still occur frequently after these measures are taken. According to statistics, 70% of computer crimes are caused by internal personnel illegally using key resources such as hosts, while the real threat from outside accounts for only 30%. Internal personnel lack security awareness when using hosts, sit behind the firewall, and connect various external devices without following any standard; misoperation or deliberate damage to a system can cause severe impact or even heavy losses to government agencies, enterprises, public institutions and the like.
Meanwhile, for some special devices, such as hosts fitted with special-purpose control software and the engineer stations/worker stations used in some industrial fields, there is often no security protection software on the market adapted to such systems because of their specificity, or installing security software easily causes compatibility problems with the host's original software and may even affect performance. In addition, once the hosts of the engineer stations/worker stations go online, the operating system is basically never upgraded; even if security software is installed, the anti-malicious-code software version and the malicious code library are not updated in time, so comprehensive security protection cannot be achieved.
In addition, because some external protection devices lack the ability to identify specific users, they are easily hacked or stolen by unauthorized users, so that such external protection devices offer no privacy protection.
Disclosure of Invention
Based on this, the main objective of the present invention is to provide an external terminal protection device and a protection system including voice information verification, so as to at least partially solve at least one of the above technical problems.
To achieve the above object, as a first aspect of the present invention, there is provided an external terminal protection device including voice information verification, comprising:
external interfaces for connecting one or more external devices and a protected device, respectively;
a voice information acquisition module for acquiring voice information of a user in real time, wherein the voice information comprises voiceprint information of the user;
a file monitoring module, connected to the voice information acquisition module, for verifying the voice information and for controlling the security authentication of external devices accessed through the external interfaces; and
a file transmission module, connected to the file monitoring module, for transmitting file data imported from the external device to the protected device under the control of the file monitoring module.
As a second aspect of the present invention, there is also provided a guard system including:
one or more external devices;
a protected device; and
the external terminal protection device described above,
wherein the external terminal protection device is externally connected to the protected device, so that the one or more external devices perform interface communication with the protected device through the external terminal protection device.
Based on the above technical scheme, compared with the prior art, the external terminal protection device and protection system including voice information verification have at least one or more of the following technical effects:
The external terminal protection device including voice information verification can take over each data interface of the protected device, ensure that all data communication using the interfaces of the protected device passes through the external terminal protection device, and determine the usage permission of the current operator through various verification modes. The protected device is thereby protected without installing security protection software on it, the security risk of the system is greatly reduced, and the potential security hazards that each interface may introduce are comprehensively addressed.
Drawings
Fig. 1 is a schematic view of an application scenario of an external terminal protection device including voice information verification according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an internal structure of an external terminal protection device including voice information verification according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
The term "and/or" herein merely describes an association between associated objects and means that three relationships may exist; e.g., "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
The invention discloses an external terminal protection device including voice information verification, which comprises:
external interfaces for connecting one or more external devices and a protected device, respectively;
a voice information acquisition module for acquiring voice information of a user in real time, wherein the voice information comprises voiceprint information of the user;
a file monitoring module, connected to the voice information acquisition module, for verifying the voice information and for controlling the security authentication of external devices accessed through the external interfaces; and
a file transmission module, connected to the file monitoring module, for transmitting file data imported from the external device to the protected device under the control of the file monitoring module.
Wherein, the file monitoring module includes:
the identity information storage unit is used for temporarily storing the voice information of the user;
and the identity recognition unit is used for verifying whether the voice information of the user meets the preset access authority.
The identity information storage unit is also used for pre-storing identity information of users who have access permission, the identity information including specific voice information pre-recorded by those users. Further preferably, where special confidentiality is required, different users can be individually identified from the specific audio features in the collected voice using existing voice recognition technology, so that only specific users are given operating permission; where the range of users is wide, the pre-recorded voice can be set as a specific password, and the voice recognition system can recognize what the user actually said despite interference from accents, dialects and the like, so that usage permission is determined by whether the spoken content, i.e. the voice information, matches the specific password content. Still further preferably, the voice password may be set dynamically, for example requiring password A to obtain authorization during one period of time and password B during another.
When the external interface is accessed to external equipment, the identity recognition unit matches the voice information acquired from the user with the voice information in the pre-stored identity information of the user meeting the access authority, and if the matching is successful, the user meets the access authority.
Wherein, the file monitoring module further comprises:
the data detection unit is used for detecting whether the file data stored in the external equipment meets a preset safety condition;
and the data storage unit is used for storing the file data passing the security authentication.
The data storage unit is connected with the identity recognition unit, and before the data storage unit receives the file data passing the safety authentication, the identity recognition unit sends a request for collecting voice information to the voice information collection module and verifies whether the identity information of a user meets the file transmission permission.
Wherein, the file monitoring module further comprises:
and the file service unit is used for managing the file data stored by the data storage unit and sending the index information corresponding to the stored file data to the file transmission module.
The file monitoring module further comprises a control unit for realizing the following control logic:
if the external device does not pass security authentication, the external device is set as an unauthorized access device, and the line between the external device and the protected device is kept physically disconnected; and/or
if the external device passes security authentication, the external device is confirmed as an authorized access device, and the physical line connection between the external device and the protected device is closed.
One or more of the external interfaces are USB interfaces.
When the file monitoring module receives a user's request to disconnect the external terminal protection device from the protected device, the voice information is verified, and if verification fails, an alarm indication signal is triggered.
The invention also discloses a protection system, comprising:
one or more external devices;
a protected device; and
the external terminal protection device described above;
wherein the external terminal protection device is externally connected to the protected device, so that the one or more external devices perform interface communication with the protected device through the external terminal protection device.
In order that the objects, technical solutions and advantages of the present invention will become more apparent, the present invention will be further described in detail with reference to the accompanying drawings in conjunction with the following specific embodiments.
Fig. 1 is a schematic view of an application scenario of an external terminal protection device including voice information verification according to an embodiment of the present invention. As shown in Fig. 1, the external terminal protection device is externally connected to the protected device through a connection line for each interface: each interface of the protected device that needs protection (USB ports UC1 and UC2, COM port CC0, and network port EC0) is connected to a corresponding internal interface of the external terminal protection device through the appropriate type of connection line. For example, the interfaces UC1 and UC2 of the protected device are connected to the internal USB ports UA4 and UA3 of the external terminal protection device respectively, the serial port CC0 is connected to the internal serial port CA2, and the network port EC0 is connected to the internal network port EA2. The various external devices (USB flash disk, CD-ROM, serial port connecting device, etc.) are all connected to the external terminal protection device and can exchange data with the protected device only through it; for example, the USB flash disk is connected through the external interface UA1 of the external terminal protection device, the USB CD-ROM through the external interface UA2, and the serial port connecting device through the external interface CA1. External devices such as the USB flash disk, the USB CD-ROM and the serial port connecting device that need to exchange data with the protected device cannot be connected to it directly and must instead communicate through the corresponding external interface of the external terminal protection device.
Fig. 2 is a schematic diagram of an internal structure of an external terminal protection device including voice information authentication according to an embodiment of the present invention, and as shown in fig. 2, the external terminal protection device including voice information authentication includes: the device comprises a plurality of external interfaces, a voice information acquisition module, a file monitoring module and a file transmission module.
External interfaces such as USB interfaces, serial ports, network ports and the like are used for being connected with one or more external devices and protected devices respectively.
The voice information acquisition module is used for acquiring the voice information of the user in real time, wherein the voice information comprises the voiceprint information of the user. Specifically, in this embodiment of the invention, the voice information acquisition module comprises a small electronic device composed of a display screen and a recording device. When a user inserts an external device into the external terminal protection device, the circuit is not yet connected; the display screen prompts the user to perform voice recognition, and the subsequent data detection and transmission functions are carried out only after voice recognition has passed.
And the file monitoring module is connected with the voice information acquisition module, is used for verifying the voice information and is also used for controlling the safety authentication of external equipment accessed by the external interface. Specifically, the file monitoring module includes: the system comprises an identity storage unit, an identity recognition unit, a data detection unit, a data storage unit and a file service unit.
The identity storage unit is used for temporarily storing the voice information of the user. For example, the voice information of persons with permission can be recorded and stored in the identity storage unit in advance, and the voice information of each person who uses the external terminal protection device can also be stored on every use.
The identity recognition unit is used for verifying whether the voice information of the user meets the preset access permission. The identity recognition unit is connected with the recording device. When a user speaks into the recording device at close range and reads out the characters displayed on the display screen, the identity recognition unit compares the recorded voice information of the user with the voice information stored in the identity storage unit; if matching voice information is found, verification passes and the identity information of the current user is displayed on the display screen.
If, after the user speaks into the recording device at close range and reads out the characters displayed on the display screen, the identity recognition unit finds no corresponding voice information in the identity storage unit, a message indicating that the user has no usage permission is shown on the display screen of the voice information acquisition module. The user can then contact an administrator to record and store the user's identity information and voice information in the identity storage unit and to set the permission for using the external terminal protection device.
The data detection unit is used for detecting whether the file data stored in the external equipment meets a preset safety condition; the data storage unit is used for storing the file data passing the security authentication; and the file service unit is used for managing the file data stored by the data storage unit and sending the index information corresponding to the stored file data to the file transmission module.
When an external storage device is connected to the file monitoring module through a port (for example, a USB port), the file monitoring module checks the external storage device itself, checks the security of its file data, and so on; the file monitoring module then, under user control or according to a predetermined security policy, stores the files to be transmitted to the protected device. The files are managed by the security file service module, which also provides file index information to the file output module. The security functions implemented by the external terminal protection device include but are not limited to: an administrator sets the permissions and security policies of the external terminal protection device in advance. Security policies include, but are not limited to: enabling data import (e.g. via a USB interface), enabling data export (e.g. via a USB interface), USB access device restriction (e.g. based on the Vendor ID and/or Product ID of the USB device), data import antivirus policy, data export blacklist control policy, data export format control policy, enabling serial access policy, USB interface insertion protection, enabling network communication audit, enabling firewall function, setting serial command blacklist and whitelist, etc.
In a preferred embodiment, the security policy comprises: after the administrator sets each security policy, the related security policies are executed one by one by the external terminal protection device. In a preferred embodiment, the security policy comprises: the administrator also controls whether the external terminal protection device enters a monitoring protection mode; in this mode the connection between the external terminal protection device and the protected device is monitored, and an alarm is raised when an abnormal condition occurs.
In a preferred embodiment, the interface protection provided by the external terminal protection device further includes device electrical security protection, and protection against abnormal conditions in use, including but not limited to, attempting to forcibly skip the external terminal protection device, attempting to access an illegal USB device after passing security verification using a legal USB device, and the like.
In a preferred embodiment, the device electrical safety protection provided by the external terminal protection device means that physical hardware damage to the protected device through an external interface such as a USB can be effectively prevented, and actions such as a USB bomb that damages the protected device through strong discharge can be prevented.
To achieve this, in a preferred embodiment of the present invention, the electrical safety is designed specifically in two levels:
(1) Current- and voltage-limiting interface design
In this scheme, the terminal protection device protects the electrical safety of the device: a hardware design protects the device from damage by strong-discharge equipment, a current-limiting and voltage-limiting circuit is introduced to prevent excessive current and voltage, and this forms the first layer of protection;
(2) External device connection mechanism based on physical switching
The external terminal protection device further improves electrical safety protection by introducing hardware switching logic. Taking a USB external device as an example, when a USB disk or other USB device is inserted into the terminal protection device for operation, the necessary security authentication must be performed first; only an authorized device is allowed to proceed, and the inserted USB device cannot communicate with the protected device until security authentication has been obtained. That is to say, before the inserted external device passes security authentication, there is no communication line between the external device and the protected device, so even if the current-limiting and voltage-limiting design of the first layer of protection fails to work, a current or voltage surge caused by the inserted USB device will not affect the safety of the protected device.
As an optional implementation, the external terminal protection device protects against abnormal interface conditions during use. This mainly addresses cases where a malicious user unplugs the connection between the external terminal protection device and the protected device in an attempt to bypass the external terminal protection device and access the protected device directly, or where, after a legitimate USB device has passed security verification, it is pulled out and replaced with an illegal USB device.
One preferred embodiment of the present invention is specifically designed for protection against abnormal situations during use:
(1) Interface connection locking, e.g. USB connection locking
Traditional interface locking prevents misuse, or other people plugging and unplugging interfaces, by mechanical means, i.e. through special interfaces such as the special wide-port USB disks or special network ports used in classified industries. Its drawbacks are poor generality, the need to modify device interfaces to meet the mechanical connection requirements, suitability only for devices under mandatory management in special industries, poor practicability, and a tendency to cause equipment maintenance disputes.
The invention provides an interface locking function for the external terminal protection device, implemented with analog signal sampling and analog-to-digital conversion signal acquisition. When a specific interface of the external terminal protection device A is connected to a specific interface of the protected device B, an interface control board in the external terminal protection device monitors the connection state of that interface in real time; when the connection state becomes abnormal, disconnection of the line between the interface control board and the protected device is triggered automatically. Furthermore, a monitoring circuit captures the current/voltage change on the internal interface, determines that the connection state is abnormal, and triggers an alarm indication signal. Still further, after the line between the interface control board and the protected device has been automatically disconnected, the line remains disconnected even if the connection state returns from abnormal to normal. Taking a USB port connection between the external terminal protection device A and the host B as an example, the external terminal protection device A monitors the current and voltage on the interface connected to the protected device B in real time, and thereby learns the condition of the connection line between device A and host B.
When a malicious user pulls out the connection line between device A and device B, the monitoring circuit promptly captures the current and voltage change, triggers the audible and visual alarm, and triggers the disconnection operation. The connection between A and B is therefore not restored automatically even if the user plugs the line back in; it is restored only after an administrator grants authorization and performs manual configuration.
(2) External device plugging and unplugging monitoring
The external device plugging and unplugging monitoring function of the external terminal protection device provided by the technical scheme of the invention means that the interface control board monitors, in real time, the connection state of the external interface to which an external device is connected, and when an external device that has been confirmed as an authorized access device is pulled out of the external interface, the physical line connection that had been closed is automatically disconnected. Furthermore, when an external device is connected again after being pulled out of the external interface, the file monitoring module performs the security authentication operation on the external device again. As an embodiment, when a user has obtained authorization and is performing data import and export operations, the external terminal protection device A effectively monitors the inserted external device (for example, a USB device) through a monitoring interface, which prevents the user from passing the security check with a compliant device and then pulling it out and inserting an illegal device. Once the user pulls out the device, the system automatically returns to the unauthorized, disconnected state, thereby ensuring the security of the device connection to the maximum extent.
As an optional implementation manner, the data storage unit is connected to the identity recognition unit, and before the data storage unit receives the file data passing the secure authentication, the identity recognition unit sends a request for acquiring voice information to the voice information acquisition module, and verifies whether the user identity information of the user meets the file transmission permission.
When the file monitoring module receives a user's request to disconnect the external terminal protection device from the protected device, it requires the current user to verify voice information again to ensure that the operation is performed by that person; if verification fails a number of times (which can be set to 3), an alarm indication signal is triggered and an administrator is automatically notified to handle it.
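The gating behaviour described above (open circuit until authentication passes, re-authentication after unplugging, a latched disconnect on a link fault, and an alarm after repeated failed voice checks) can be modelled as a small state machine. This is an added illustration, not code from the patent: all type and function names, the single-port simplification, and the sample Vendor ID/Product ID pair are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration: every name here is hypothetical; the patent gives no code. */
enum gate_state {
    GATE_OPEN_CIRCUIT, /* no line between external device and protected device */
    GATE_CONNECTED,    /* line closed after all checks passed */
    GATE_LATCHED       /* fault seen on the protected-device link; admin must reset */
};

struct usb_id { uint16_t vid, pid; };

struct gate {
    enum gate_state state;
    bool alarm;              /* alarm indication signal raised */
    unsigned voice_failures; /* consecutive failed checks on disconnect requests */
    unsigned max_failures;   /* configurable; the description suggests 3 */
    const struct usb_id *allow;
    size_t allow_len;
};

/* Constructed sample allowlist entry; not a value taken from the page. */
static const struct usb_id demo_allow[] = { { 0x1234, 0x5678 } };

void gate_init(struct gate *g, const struct usb_id *allow, size_t n,
               unsigned max_failures)
{
    g->state = GATE_OPEN_CIRCUIT;
    g->alarm = false;
    g->voice_failures = 0;
    g->max_failures = max_failures;
    g->allow = allow;
    g->allow_len = n;
}

static bool id_allowed(const struct gate *g, struct usb_id id)
{
    for (size_t i = 0; i < g->allow_len; i++)
        if (g->allow[i].vid == id.vid && g->allow[i].pid == id.pid)
            return true;
    return false;
}

/* Insertion: the line is closed only if voice verification, the VID/PID
 * restriction and the file security check all pass. Default is open circuit. */
bool gate_on_insert(struct gate *g, bool voice_ok, struct usb_id id, bool files_ok)
{
    if (g->state != GATE_OPEN_CIRCUIT)
        return false;   /* latched, or a device is already connected */
    if (!(voice_ok && id_allowed(g, id) && files_ok))
        return false;   /* unauthorized: stays physically disconnected */
    g->state = GATE_CONNECTED;
    return true;
}

/* Removal drops the authorization, so a swapped-in device is checked again. */
void gate_on_remove(struct gate *g)
{
    if (g->state == GATE_CONNECTED)
        g->state = GATE_OPEN_CIRCUIT;
}

/* Abnormal current/voltage on the link to the protected device: cut and latch. */
void gate_on_link_fault(struct gate *g)
{
    g->state = GATE_LATCHED;
    g->alarm = true;
}

/* The link reading normal again does not release the latch. */
void gate_on_link_restored(struct gate *g) { (void)g; }

/* Only an authorized administrator action clears the latch and the alarm. */
void gate_admin_reset(struct gate *g, bool admin_authorized)
{
    if (!admin_authorized)
        return;
    g->state = GATE_OPEN_CIRCUIT;
    g->alarm = false;
    g->voice_failures = 0;
}

/* Request to unplug the guard from the protected device: voice is verified
 * again; reaching max_failures consecutive failures raises the alarm. */
bool gate_on_disconnect_request(struct gate *g, bool voice_ok)
{
    if (voice_ok) { g->voice_failures = 0; return true; }
    if (++g->voice_failures >= g->max_failures)
        g->alarm = true;
    return false;
}

int main(void)
{
    struct gate g;
    gate_init(&g, demo_allow, 1, 3);
    gate_on_insert(&g, true, demo_allow[0], true);
    gate_on_link_fault(&g);    /* cable to the protected device pulled */
    gate_on_link_restored(&g); /* cable plugged back in */
    printf("state=%d alarm=%d\n", (int)g.state, (int)g.alarm);
    return 0;
}
```

The model makes the fail-closed property easy to audit: the only transition into the connected state is in `gate_on_insert`, and the only exit from the latched state is the administrator reset.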
The file transmission module is connected with the file monitoring module and is used for transmitting the file data imported from the external device to the protected device under the control of the file monitoring module. The file transmission module provides file index information to the protected device, a user of the protected device sends a file acquisition request to the file transmission module using the file index information, and the file transmission module acquires the corresponding file from the file monitoring module. Note that the file transfer protocol between the file transmission module and the file monitoring module is an internal security protocol, which increases the security of the transfer.
When a user initiates the import of files from the external storage device into the protected device, voice recognition verification is also required to ensure the safety and accuracy of data.
The external terminal protection equipment can take over each data interface of the protected equipment, ensure that data communication using each interface of the protected equipment is completed through the external terminal, and determine the use authority of the current operator through various verification modes, thereby achieving the purpose of carrying out safety protection on the protected equipment without installing safety protection software on the protected equipment, greatly reducing the safety risk of a system, and comprehensively solving the potential safety hazard possibly generated by each interface.
The invention also provides the protection system, which comprises one or more external devices, protected devices and external terminal protection devices, wherein the external terminal protection devices are externally connected to the protected devices, so that the one or more external devices are in interface communication with the protected devices through the external terminal protection devices. Here, the external terminal protection device is as described above, and is not described herein again.
Furthermore, the protection system also comprises a control center for remotely controlling the external terminal protection equipment, wherein the control center consists of a server, a management workstation and other nodes and is connected to the internet access of the external terminal protection equipment through a network switching node.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some embodiments, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the invention and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the text-enabled photograph entry apparatus, computing device, and computer-readable storage medium according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
While the foregoing embodiments have described the objects, aspects and advantages of the present invention in further detail, it should be understood that the present invention is not inherently related to any particular computer, virtual machine or electronic device, and various general-purpose machines may be used to implement the present invention. The invention is not to be considered as limited to the specific embodiments thereof, but is to be understood as being modified in all respects, all changes and equivalents that come within the spirit and scope of the invention.

Claims (10)

1. An external terminal protection device including voice information verification, comprising:
the external interfaces are used for connecting one or more external devices and protected devices respectively;
the voice information acquisition module is used for acquiring voice information of a user in real time, wherein the voice information comprises voiceprint information of the user;
the file monitoring module is connected with the voice information acquisition module and used for verifying the voice information and controlling the safety authentication of external equipment accessed by the external interface;
and the file transmission module is connected with the file monitoring module and used for transmitting the file data imported by the external equipment to the protected equipment under the control of the file monitoring module.
2. An external terminal protection device according to claim 1, wherein the file monitoring module comprises:
the identity information storage unit is used for temporarily storing the voice information of the user;
and the identity recognition unit is used for verifying whether the voice information of the user meets the preset access authority.
3. An external terminal protection device according to claim 2, wherein the identity information storage unit is further configured to store in advance identity information of a user satisfying access rights, the identity information including specific voice information previously entered by the user.
4. The external terminal protection device according to claim 3, wherein when the external interface is connected to an external device, the identity recognition unit matches the voice information collected from the user with the voice information in the pre-stored identity information of the user satisfying the access right, and if the matching is successful, the user satisfies the access right.
5. An external terminal protection device according to claim 4, wherein the file monitoring module further comprises:
the data detection unit is used for detecting whether the file data stored in the external equipment meets a preset safety condition;
and the data storage unit is used for storing the file data passing the security authentication.
6. An external terminal protection device as claimed in claim 5, wherein said data storage unit is connected to said identity recognition unit, and before said data storage unit receives the file data passing the security authentication, said identity recognition unit sends a request for collecting voice information to said voice information collection module, and verifies whether the identity information of the user satisfies the file transmission authority.
7. An external terminal protection device according to claim 5, wherein the file monitoring module further comprises:
and the file service unit is used for managing the file data stored by the data storage unit and sending the index information corresponding to the stored file data to the file transmission module.
8. An external terminal protection device according to claim 5, wherein the file monitoring module further comprises a control unit for implementing the following control logic:
if the external equipment does not pass the security authentication, setting the external equipment as the unauthorized access equipment, and keeping the line physical disconnection state between the external equipment and the protected equipment; and/or
And if the external equipment passes the security authentication, confirming that the external equipment is the authorized access equipment, and connecting the physical connection of the line between the external equipment and the protected equipment.
9. An external terminal protection device according to claim 1, wherein
one or more of the external interfaces are USB interfaces;
preferably, when the file monitoring module receives a request sent by a user to disconnect the external terminal protection device from the protected device, the voice information is verified, and if the verification fails, an alarm indication signal is triggered.
10. A protection system, comprising:
one or more external devices;
a protected device; and
the external terminal protection device of any one of claims 1-9;
the external terminal protection device is externally connected to the protected device, so that the one or more external devices perform interface communication with the protected device through the external terminal protection device.
CN202010736004.1A 2020-07-28 2020-07-28 External terminal protection equipment and protection system including voice information verification Pending CN111885178A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010736004.1A CN111885178A (en) 2020-07-28 2020-07-28 External terminal protection equipment and protection system including voice information verification

Publications (1)

Publication Number Publication Date
CN111885178A true CN111885178A (en) 2020-11-03

Family

ID=73202038

Country Status (1)

Country Link
CN (1) CN111885178A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103685343A (en) * 2012-09-03 2014-03-26 腾讯科技(深圳)有限公司 File transfer method and file transfer system
CN105007322A (en) * 2015-07-21 2015-10-28 陈丹 File transmission method and system
CN107862185A (en) * 2017-10-18 2018-03-30 福建中金在线信息科技有限公司 USB identifying systems and USB system
CN107872451A (en) * 2017-09-30 2018-04-03 上海壹账通金融科技有限公司 User ID authentication method and authentication means
CN109543475A (en) * 2018-10-29 2019-03-29 北京博衍思创信息科技有限公司 A kind of circumscribed terminal protection equipment and guard system
CN110322890A (en) * 2018-03-30 2019-10-11 谢维 A kind of identity recognition device
CN110704822A (en) * 2019-08-30 2020-01-17 深圳市声扬科技有限公司 Method, device, server and system for improving user identity authentication security

Similar Documents

Publication Publication Date Title
CN109543475B (en) External terminal protection device and protection system
CN107493265B (en) A kind of network security monitoring method towards industrial control system
CN109561071B (en) Data flow control's external terminal protective equipment and protection system
CN110011848B (en) Mobile operation and maintenance auditing system
CN103248472A (en) Operation request processing method and system and attack identification device
CN108259478B (en) Safety protection method based on industrial control terminal equipment interface HOOK
WO2017034072A1 (en) Network security system and security method
CN104883364B (en) A kind of method and device for judging user access server exception
CN111898167A (en) External terminal protection equipment and protection system including identity information verification
CN114139226A (en) USB device access control method and device and electronic device
CN110087238B (en) Information security protection system of mobile electronic equipment
CN103618613A (en) Network access control system
CN114266081A (en) Operation and maintenance computer safety protection system and method of power monitoring system
CN111901418B (en) External terminal protection equipment and system based on unidirectional file transfer protocol
CN114186293A (en) Communication control method and device for USB (universal serial bus) equipment and protected equipment and electronic equipment
CN111885179B (en) External terminal protection device and protection system based on file monitoring service
CN111898105A (en) External terminal protection equipment with user tracing function and protection system
Braband What's Security Level got to do with Safety Integrity Level?
CN111859434A (en) External terminal protection device and protection system for providing confidential file transmission
KR101614809B1 (en) Practice control system of endpoint application program and method for control the same
CN107968777B (en) Network security monitoring system
CN111885178A (en) External terminal protection equipment and protection system including voice information verification
CN111859473A (en) External terminal protection equipment and protection system based on space detection
CN111859344A (en) External terminal protection equipment and protection system including face information verification
KR20100085459A (en) Personal information protecting device for using filtering network transferring data method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201103
