CN112818326A - USB device permission determining method, device, equipment and medium - Google Patents
- Publication number: CN112818326A
- Authority: CN (China)
- Prior art keywords: equipment, information, value, usb, main control
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G06F21/606—Protecting data by securing the transmission between two devices or processes
Abstract
The application discloses a method, an apparatus, a device and a medium for determining the permission of a USB device, which are used to solve the technical problem of agent system information leakage or virus intrusion caused by the use of illegal USB devices. A box program detects whether a USB device has been connected to the agent system; if so, the box program acquires the device information of the USB device, encrypts the device information with a public key, and uploads the resulting encrypted data to a main control end in the agent system. The main control end decrypts the encrypted data with the private key to obtain the device information, and calculates a value to be authenticated from the device information and the identity information of the current login user. The main control end compares the value to be authenticated with a stored authentication value to obtain a verification result for the USB device, the authentication value being calculated from the device information of a target USB device. The main control end sends the verification result to the box program, so that the box program determines the permission of the USB device according to the verification result.
Description
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method, an apparatus, a device, and a medium for determining a USB device permission.
Background
USB devices are removable storage devices that are widely used at present, and information leakage easily occurs during their use. Agent systems in public security organs and other government agencies, energy departments and the like pay special attention to information security; control over the security of USB devices needs to be strengthened there to prevent system information leakage or virus intrusion caused by the use of illegal USB devices.
Therefore, providing a secure and reliable method for managing and controlling the permission of USB devices is an urgent technical problem in the art.
Disclosure of Invention
The application provides a method, a device, equipment and a medium for determining the authority of USB equipment, which are used for solving the technical problem of agent system information leakage or virus invasion caused by the use of illegal USB equipment.
In view of this, a first aspect of the present application provides a method for determining USB device permissions, including:
detecting whether a USB device is accessed in the seat system or not through a box program, and if so, acquiring device information of the USB device through the box program;
encrypting the equipment information according to a public key through the box program, and uploading the obtained encrypted data to a main control end in the seat system;
decrypting the encrypted data according to a private key through the main control end to obtain the equipment information, and calculating a value to be authenticated according to the equipment information and the identity information of the current login user through the main control end;
comparing the value to be authenticated with a stored authentication value through the master control terminal to obtain a verification result of the USB equipment, wherein the authentication value is obtained through equipment information calculation of target USB equipment;
and sending the verification result to the box program through the main control end, so that the box program determines the authority of the USB equipment according to the verification result.
Optionally, the configuration process of the public key and the private key is as follows:
generating the public key and the private key of a configuration client in the agent system through an SSH script;
sending the public key to the main control end and the box program through the configuration client;
and when the box program is upgraded, the private key is uploaded to the main control end.
Optionally, the configuration process of the authentication value is as follows:
logging in a configuration client in the agent system by using an administrator identity, and acquiring equipment information of the target USB equipment when the target USB equipment is detected to be accessed through the box program;
encrypting according to the equipment information of the target USB equipment and the identity information of the administrator to obtain the authentication value;
and sending the authentication value to the main control terminal for storage through the configuration client.
Optionally, the to-be-authenticated value or the authentication value is calculated by:
respectively converting the equipment information and the identity information into base64 character strings to obtain an equipment character string and an identity character string, wherein the identity information comprises face information and fingerprint information;
and taking the ASCII value of the character at the same position in the equipment character string and the identity character string as a sampling value, substituting the sampling value into a preset formula, and calculating to obtain the value to be authenticated or the authentication value, wherein the preset formula is as follows:
wherein x, y and z are sampling values corresponding to the face information, the fingerprint information and the device information respectively, and P, Q and R are preset adjusting parameters.
Optionally, the converting the device information and the identity information into base64 character strings respectively to obtain a device character string and an identity character string, and then further includes:
respectively selecting character strings with preset lengths at target positions from the equipment character strings and the identity character strings as target equipment character strings and target identity character strings;
the step of taking the ASCII value of the character at the same position in the device string and the identity string as a sampling value, and substituting the sampling value into a preset formula to calculate the value to be authenticated or the authentication value includes:
and taking the ASCII value of the character at the same position in the target equipment character string and the target identity character string as a sampling value, and substituting the sampling value into a preset formula to calculate to obtain the value to be authenticated or the authentication value.
A second aspect of the present application provides a USB device permission determining apparatus, including:
the detection unit is used for detecting whether USB equipment is accessed in the seat system through a box program, and if so, acquiring equipment information of the USB equipment through the box program;
the encryption unit is used for encrypting the equipment information according to a public key through the box program and uploading the obtained encrypted data to a main control end in the seat system;
the decryption and calculation unit is used for decrypting the encrypted data according to a private key through the main control end to obtain the equipment information, and calculating a value to be authenticated according to the equipment information and the identity information of the current login user through the main control end;
the comparison unit is used for comparing the value to be authenticated with a stored authentication value through the main control terminal to obtain a verification result of the USB equipment, and the authentication value is obtained through equipment information calculation of target USB equipment;
and the sending unit is used for sending the verification result to the box program through the main control end, so that the box program determines the authority of the USB equipment according to the verification result.
Optionally, the configuration process of the authentication value is as follows:
logging in a configuration client in the agent system by using an administrator identity, and acquiring equipment information of the target USB equipment when the target USB equipment is detected to be accessed through the box program;
encrypting according to the equipment information of the target USB equipment and the identity information of the administrator to obtain the authentication value;
and sending the authentication value to the main control terminal for storage through the configuration client.
Optionally, the to-be-authenticated value or the authentication value is calculated by:
respectively converting the equipment information and the identity information into base64 character strings to obtain an equipment character string and an identity character string, wherein the identity information comprises face information and fingerprint information;
and taking the ASCII value of the character at the same position in the equipment character string and the identity character string as a sampling value, substituting the sampling value into a preset formula, and calculating to obtain the value to be authenticated or the authentication value, wherein the preset formula is as follows:
wherein x, y and z are sampling values corresponding to the face information, the fingerprint information and the device information respectively, and P, Q and R are preset adjusting parameters.
A third aspect of the present application provides a USB device permission determining device, the device comprising a processor and a memory;
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the method for determining USB device permission according to any one of the first aspect according to instructions in the program code.
A fourth aspect of the present application provides a computer-readable storage medium for storing program code for executing the method for determining USB device permissions according to any one of the first aspects.
According to the technical scheme, the method has the following advantages:
the application provides a USB device permission determining method, which comprises the following steps: detecting whether the agent system has USB equipment access through a box program, and if so, acquiring equipment information of the USB equipment through the box program; encrypting the equipment information according to the public key through a box program, and uploading the obtained encrypted data to a main control end in the seat system; decrypting the encrypted data through the main control end according to the private key to obtain equipment information, and calculating a value to be authenticated through the main control end according to the equipment information and the identity information of the current login user; comparing the value to be authenticated with the stored authentication value through the master control terminal to obtain a verification result of the USB equipment, wherein the authentication value is obtained by calculating equipment information of the target USB equipment; and sending the verification result to the box program through the main control end, so that the box program determines the authority of the USB equipment according to the verification result.
In the method, when the box program detects that a USB device has been connected to the agent system, the device information of the USB device is encrypted with the public key and uploaded to the main control end, where it is decrypted with the private key to recover the device information; encrypting the device information with the public key ensures the security and authenticity of the device information during transmission. The main control end calculates the value to be authenticated from the device information and the identity information of the current login user, and determines whether the USB device has use permission by comparing the value to be authenticated with the authentication value pre-stored at the main control end, so that the use of illegal USB devices is avoided and the technical problem of agent system information leakage or virus intrusion caused by the use of illegal USB devices is solved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a schematic flowchart of a method for determining USB device permissions according to an embodiment of the present application;
Fig. 2 is another schematic flowchart of a method for determining USB device permissions according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an apparatus for determining USB device permissions according to an embodiment of the present application.
Detailed Description
The application provides a method, a device, equipment and a medium for determining the authority of USB equipment, which are used for solving the technical problem of agent system information leakage or virus invasion caused by the use of illegal USB equipment.
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
For easy understanding, please refer to fig. 1, an embodiment of a method for determining USB device permissions provided in the present application includes:
The agent system comprises a configuration client and a main control end. Whether a USB device has been connected to the agent system is detected through a box program; if so, the device information of the USB device is acquired through the box program. The device information may include the identification, manufacturer information, device serial number and the like of the USB device.
Step 102, encrypting the device information according to the public key through the box program, and uploading the obtained encrypted data to a main control end in the seat system.
In order to ensure the security and authenticity of the device information during transmission, the box program in the embodiment of the application encrypts the device information according to the public key to obtain encrypted data, and then uploads the encrypted data to the main control end in the agent system.
Step 103, decrypting the encrypted data through the main control end according to the private key to obtain the device information, and calculating a value to be authenticated through the main control end according to the device information and the identity information of the current login user.
After the main control end receives the encrypted data, it decrypts the encrypted data with the private key to obtain the device information, and then calculates the value to be authenticated from the device information and the identity information of the current login user, where the current login user is the user currently logged in to the seat system.
Further, the configuration process of the public key and the private key is as follows:
generating a public key and a private key of a configuration client in the agent system through the SSH script; sending the public key to a main control end and a box program through a configuration client; and when the box program is upgraded, the private key is uploaded to the main control end.
Data is transmitted between the configuration client and the main control end over the network. To ensure the consistency and security of the data in transit and to prevent illegal interception, tampering, forgery and the like by a third party, the configuration client in the embodiment of the application generates a public key and a private key in SSH encryption mode through a third-party script, and then sends the public key to the main control end and the box program so that transmitted data can be encrypted. When engineering personnel upgrade the box program, the private key is uploaded to the main control end, so that the reliability of the private key is ensured by the signature of third-party certification personnel and the security of data transmission is ensured.
Further, the calculation process of the value to be authenticated is as follows:
S1, converting the device information and the identity information into base64 character strings respectively to obtain a device character string and an identity character string.
The device information of the USB device and the identity information of the current login user are each converted into a base64 character string to obtain a device character string and an identity character string. The identity information comprises face information and fingerprint information; correspondingly, the identity character string comprises a face information character string and a fingerprint information character string.
S2, taking the ASCII value of the character at the same position in the device character string and the identity character string as a sampling value, and substituting the sampling value into a preset formula to calculate the value to be authenticated or the authentication value.
Further, before step S2, a character string with a preset length at the target position may be selected from the device character string and the identity character string as a target device character string and a target identity character string, respectively; and taking the ASCII value of the character at the same position in the target equipment character string and the target identity character string as a sampling value, and substituting the sampling value into a preset formula to calculate the value to be authenticated. Wherein, the preset formula is as follows:
wherein x, y and z are the sampling values corresponding to the face information, the fingerprint information and the device information respectively, and P, Q and R are preset adjusting parameters that can be set flexibly according to actual conditions.
If the calculated value to be authenticated has a decimal point, six significant digits can be taken as the final value to be authenticated.
And step 104, comparing the value to be authenticated with the stored authentication value through the main control terminal to obtain a verification result of the USB equipment, wherein the authentication value is obtained through equipment information calculation of the target USB equipment.
After the main control end calculates the value to be authenticated, it compares the value to be authenticated with the authentication value pre-stored at the main control end to check whether the two are consistent. If they are consistent, the verification result is that the verification is passed; if not, the verification result is that the verification is not passed. The authentication value is calculated from the device information of the authorized target USB device.
Step 105, sending the verification result to the box program through the main control end, so that the box program determines the permission of the USB device according to the verification result.
The box program obtains the verification result for the current USB device from the main control end and determines from it whether the USB device has use permission. When the verification result is that the verification is passed, the USB device has use permission; when the verification result is that the verification is not passed, the USB device does not have use permission and is an illegal device.
In the embodiment of the application, when the box program detects that a USB device has been connected to the agent system, the device information of the USB device is encrypted with the public key and uploaded to the main control end, where it is decrypted with the private key to recover the device information; encrypting the device information with the public key ensures the security and authenticity of the device information during transmission. The main control end calculates the value to be authenticated from the device information and the identity information of the current login user, and determines whether the USB device has use permission by comparing the value to be authenticated with the authentication value pre-stored at the main control end, so that the use of illegal USB devices is avoided and the technical problem of agent system information leakage or virus intrusion caused by the use of illegal USB devices is solved.
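The calculation in S1 and S2 and the comparison in step 104, as an added Python example that is not code from the patent. The preset formula is not reproduced on this page, so `stand_in_formula` and its parameters are constructed placeholders; applying it at every window position and summing, the window position and length, the sample bytes and the constant-time comparison are likewise assumptions, and the public-key transport of steps 102 and 103 is left out.

```python
import base64
import hmac
from typing import Callable, Dict, List, Tuple

Formula = Callable[[int, int, int], float]


def stand_in_formula(x: int, y: int, z: int) -> float:
    """Constructed placeholder, NOT the patent's preset formula (absent from the page)."""
    p, q, r = 0.5, 0.25, 0.125  # constructed adjusting parameters P, Q, R
    return p * x + q * y + r * z


def sample_triples(face: bytes, fingerprint: bytes, device_info: bytes,
                   start: int, length: int) -> List[Tuple[int, int, int]]:
    """S1 plus window selection: base64 each input, cut the same window from
    each string, and pair the ASCII codes found at the same position."""
    windows = []
    for raw in (face, fingerprint, device_info):
        text = base64.b64encode(raw).decode("ascii")
        window = text[start:start + length]
        if len(window) < length:
            raise ValueError("input too short for the configured window")
        windows.append(window)
    # x = face sample, y = fingerprint sample, z = device sample
    return [(ord(x), ord(y), ord(z)) for x, y, z in zip(*windows)]


def compute_value(face: bytes, fingerprint: bytes, device_info: bytes,
                  formula: Formula = stand_in_formula,
                  start: int = 0, length: int = 8) -> str:
    """S2: substitute the samples into the formula. Summing over the window
    positions is an assumption; the page does not say how they are combined."""
    triples = sample_triples(face, fingerprint, device_info, start, length)
    total = float(sum(formula(x, y, z) for x, y, z in triples))
    if total.is_integer():
        return str(int(total))
    return f"{total:.6g}"  # six significant digits when there is a decimal part


class MainControl:
    """Stores authentication values and answers verification requests (step 104)."""

    def __init__(self) -> None:
        self._stored: List[bytes] = []

    def store(self, authentication_value: str) -> None:
        self._stored.append(authentication_value.encode("ascii"))

    def verify(self, face: bytes, fingerprint: bytes, device_info: bytes) -> bool:
        candidate = compute_value(face, fingerprint, device_info).encode("ascii")
        passed = False
        for stored in self._stored:
            # compare_digest does not reveal where two values first differ
            passed |= hmac.compare_digest(stored, candidate)
        return passed


# Constructed sample inputs; real face and fingerprint data would be templates.
ADMIN_FACE = b"AF0001-face-template"
ADMIN_FINGERPRINT = b"AP0001-fingerprint-template"
USER_FACE = b"UF0002-face-template"
USER_FINGERPRINT = b"UP0002-fingerprint-template"
DEVICE_ENROLLED = b"A1B2C3|ExampleCo|usb-storage"  # serial|manufacturer|identification
DEVICE_UNKNOWN = b"Z9Y8X7|ExampleCo|usb-storage"


def demo() -> Dict[str, bool]:
    main_control = MainControl()
    # Configuration client: the administrator enrolls the target USB device.
    main_control.store(compute_value(ADMIN_FACE, ADMIN_FINGERPRINT, DEVICE_ENROLLED))
    return {
        "enrolled_device": main_control.verify(
            ADMIN_FACE, ADMIN_FINGERPRINT, DEVICE_ENROLLED),
        "unknown_device": main_control.verify(
            ADMIN_FACE, ADMIN_FINGERPRINT, DEVICE_UNKNOWN),
        # The value depends on the identity inputs as well as on the device.
        "other_identity": main_control.verify(
            USER_FACE, USER_FINGERPRINT, DEVICE_ENROLLED),
    }


if __name__ == "__main__":
    print(demo())
```
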
The above is an embodiment of a method for determining USB device permission provided by the present application, and the following is another embodiment of a method for determining USB device permission provided by the present application.
Referring to fig. 2, a method for determining USB device permission provided in an embodiment of the present application includes:
In the embodiment of the application, before the agent system is formally put into use, a user with administrator permission can perform authorization configuration in advance on a number of safe target USB devices at the configuration client. The authentication value of each target USB device is calculated and sent to the main control end for storage; a target USB device whose authentication value is stored at the main control end is an authorized USB device and has use permission. The configuration process of the authentication value is as follows:
S2011, logging in to a configuration client in the agent system with the identity of an administrator, and acquiring the device information of the target USB device when the box program detects that the target USB device has been connected.
When the authentication value is configured, the user logging in the configuration client can only be an administrator user, which is the first line of defense for authorizing and controlling the target USB device. When logging in, the configuration client performs face verification and fingerprint verification to acquire identity information (face information and fingerprint information) of the administrator. After logging in, the target USB equipment to be authorized can be accessed safely, and when a box program in the agent system detects that the target USB equipment is accessed, the equipment information of the target USB equipment is automatically acquired.
S2012, the device information of the target USB device and the identity information of the administrator are encrypted to obtain an authentication value.
And in the configuration client, carrying out encryption calculation according to the equipment information of the target USB equipment and the identity information of the administrator to obtain a unique authentication value of the target USB equipment. The calculation process of the authentication value is similar to that of the value to be authenticated, except that the value to be authenticated adopts the identity information of the current login user, and the authentication value adopts the identity information of the administrator.
S2013, the authentication value is sent to the main control end for storage through the configuration client.
The authentication value is sent by the configuration client to the main control end for storage. An asymmetric key pair can be used for the transmission: the authentication value is encrypted with the public key, and the encrypted authentication value is then sent to the main control end. When the box program is upgraded, the private key is uploaded to the main control end, so that the main control end can decrypt the encrypted authentication value with the private key, which ensures the security and authenticity of the transmission of the authentication value.
When the agent system is in use and the box program detects that a USB device has been connected, the value to be authenticated is calculated from the identity information of the agent user and the device information of the USB device, and the value to be authenticated of the connected USB device is compared with the stored authentication value of the target USB device to confirm whether the currently connected USB device is the target USB device and thereby confirm the use permission of the USB device.
Step 203, encrypting the device information according to the public key through the box program, and uploading the obtained encrypted data to a main control end in the seat system.
And step 204, decrypting the encrypted data by the main control end according to the private key to obtain the device information, and calculating the value to be authenticated by the main control end according to the device information and the identity information of the current login user.
And step 206, sending the verification result to the box program through the main control end, so that the box program determines the authority of the USB device according to the verification result.
The specific contents of step 202 to step 206 are the same as the specific contents of step 101 to step 105, and are not described herein again.
In the embodiment of the application, when the box program detects that a USB device has been connected to the agent system, the device information of the USB device is encrypted with the public key and uploaded to the main control end, where it is decrypted with the private key to recover the device information; encrypting the device information with the public key ensures the security and authenticity of the device information during transmission. The main control end calculates the value to be authenticated from the device information and the identity information of the current login user, and determines whether the USB device has use permission by comparing the value to be authenticated with the authentication value pre-stored at the main control end, so that the use of illegal USB devices is avoided and the technical problem of agent system information leakage or virus intrusion caused by the use of illegal USB devices is solved.
Furthermore, in the embodiment of the application, the administrator performs authorization configuration on the target USB device at the configuration client, calculates the authentication value of the target USB device, and performs encryption processing on the authentication value when transmitting the authentication value, so that the security and the authenticity of the authentication value are ensured, and the authentication value can be prevented from being intercepted and forged by a third party.
The foregoing is another embodiment of the method for determining USB device permission provided by the present application, and the following is an embodiment of the apparatus for determining USB device permission provided by the present application.
Referring to fig. 3, an apparatus for determining USB device permission provided in an embodiment of the present application includes:
the detection unit is used for detecting whether the USB equipment is accessed in the seat system or not through a box program, and if so, acquiring equipment information of the USB equipment through the box program;
the encryption unit is used for encrypting the equipment information according to the public key through a box program and uploading the obtained encrypted data to a main control end in the seat system;
the decryption and calculation unit is used for decrypting the encrypted data through the main control end according to the private key to obtain equipment information, and calculating a value to be authenticated through the main control end according to the equipment information and the identity information of the current login user;
the comparison unit is used for comparing the value to be authenticated with the stored authentication value through the main control terminal to obtain a verification result of the USB equipment, and the authentication value is obtained through equipment information calculation of the target USB equipment;
and the sending unit is used for sending the verification result to the box program through the main control end, so that the box program determines the authority of the USB equipment according to the verification result.
As a further improvement, the configuration process of the public key and the private key is as follows:
generating a public key and a private key of a configuration client in the agent system through the SSH script;
sending the public key to a main control end and a box program through a configuration client;
and when the box program is upgraded, the private key is uploaded to the main control end.
As a further improvement, the configuration process of the authentication value is as follows:
logging in a configuration client in the agent system by using the identity of an administrator, and acquiring equipment information of a target USB (universal serial bus) device when the access of the target USB device is detected through a box program;
encrypting according to the equipment information of the target USB equipment and the identity information of the administrator to obtain an authentication value;
and sending the authentication value to the main control end for storage through the configuration client.
As a further improvement, the calculation process of the value to be authenticated or the authentication value is as follows:
respectively converting the equipment information and the identity information into base64 character strings to obtain an equipment character string and an identity character string, wherein the identity information comprises face information and fingerprint information;
taking the ASCII values of the characters at the same position in the equipment character string and the identity character string as sampling values, substituting the sampling values into a preset formula, and calculating the value to be authenticated or the authentication value, wherein the preset formula is as follows:
wherein x, y and z are sampling values corresponding to the face information, the fingerprint information and the device information respectively, and P, Q and R are preset adjusting parameters.
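The calculation just described, as an added Python sketch (not code from the patent): it base64-encodes the inputs, takes a preset-length window at a target position (the variant in claim 5), samples the ASCII values at matching positions and compares the result with the stored value. The preset formula is not reproduced on this page, so `stand_in_formula`, the per-position output, the window defaults and all sample inputs are assumptions.

```python
import base64
import hmac

# Constructed sample inputs; real biometric templates and USB descriptors differ.
FACE = b"constructed-face-template-A"
FINGERPRINT = b"constructed-fingerprint-template-A"
DEVICE = b"VID=1234;PID=5678;SERIAL=AAAA0001"


def stand_in_formula(x, y, z, P=3, Q=5, R=7):
    """Placeholder combiner (assumption): NOT the patent's preset formula,
    which this page does not reproduce. x, y, z are the face, fingerprint
    and device samples; P, Q, R play the role of the adjusting parameters."""
    return P * x + Q * y + R * z


def window(data: bytes, start: int, length: int) -> str:
    """Base64-encode data and take the preset-length substring at start."""
    part = base64.b64encode(data).decode("ascii")[start:start + length]
    if len(part) != length:
        raise ValueError("input is shorter than the sampling window")
    return part


def compute_value(face, fingerprint, device, start=0, length=8,
                  formula=stand_in_formula):
    """One formula result per sampled position (per-position output is an
    assumption; the page does not say how positions are aggregated)."""
    f, p, d = (window(b, start, length) for b in (face, fingerprint, device))
    return tuple(formula(ord(x), ord(y), ord(z)) for x, y, z in zip(f, p, d))


def verify(stored, candidate) -> bool:
    """Main-control-end comparison of the two values, in constant time."""
    def encode(value):
        return ",".join(map(str, value)).encode("ascii")
    return hmac.compare_digest(encode(stored), encode(candidate))


def covered_bytes(start: int, length: int):
    """First and last raw byte index that can influence the sampled window
    (each base64 character carries 6 bits of the input)."""
    return (start * 6) // 8, ((start + length) * 6 - 1) // 8


if __name__ == "__main__":
    enrolled = compute_value(FACE, FINGERPRINT, DEVICE)
    same = compute_value(FACE, FINGERPRINT, DEVICE)
    other = compute_value(FACE, FINGERPRINT, b"XID=9999;PID=0001;SERIAL=ZZZZ")
    print("same device:", verify(enrolled, same))
    print("other device:", verify(enrolled, other))
    print("raw bytes covered by window (0, 8):", covered_bytes(0, 8))
```

Because only the windowed characters are sampled, inputs that differ solely outside `covered_bytes(start, length)` yield the same value; pick the target position and length so the window includes the fields that distinguish devices, such as a serial number.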
In this embodiment of the application, when the box program detects that a USB device has been connected to the agent system, it encrypts the device information of the USB device with the public key and uploads it to the main control end, where it is decrypted with the private key to recover the device information. Encrypting the device information with the public key ensures its security and authenticity during transmission. The main control end calculates the value to be authenticated from the device information and the identity information of the currently logged-in user, and determines whether the USB device has use permission by comparing the value to be authenticated with the authentication value pre-stored at the main control end. This prevents the use of unauthorized USB devices and solves the technical problem of seat system information leakage or virus intrusion caused by using unauthorized USB devices.
Furthermore, in this embodiment, the administrator performs authorization configuration for the target USB device at the configuration client and calculates the authentication value of the target USB device. The authentication value is encrypted when it is transmitted, which ensures its security and authenticity and prevents it from being intercepted and forged by a third party.
The embodiment of the application also provides a USB device permission determining device, which comprises a processor and a memory;
the memory is used for storing the program codes and transmitting the program codes to the processor;
the processor is used for executing the USB equipment authority determining method in the method embodiment according to the instructions in the program codes.
The embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium is used to store a program code, and the program code is used to execute the USB device permission determination method in the foregoing method embodiment.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for executing all or part of the steps of the method described in the embodiments of the present application through a computer device (which may be a personal computer, a server, or a network device). And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.
Claims (10)
1. A method for determining authority of a USB device is characterized by comprising the following steps:
detecting whether a USB device is accessed in the seat system or not through a box program, and if so, acquiring device information of the USB device through the box program;
encrypting the equipment information according to a public key through the box program, and uploading the obtained encrypted data to a main control end in the seat system;
decrypting the encrypted data according to a private key through the main control end to obtain the equipment information, and calculating a value to be authenticated according to the equipment information and the identity information of the current login user through the main control end;
comparing the value to be authenticated with a stored authentication value through the master control terminal to obtain a verification result of the USB equipment, wherein the authentication value is obtained through equipment information calculation of target USB equipment;
and sending the verification result to the box program through the main control end, so that the box program determines the authority of the USB equipment according to the verification result.
2. The method for determining the authority of the USB device according to claim 1, wherein the configuration process of the public key and the private key is as follows:
generating the public key and the private key of a configuration client in the agent system through an SSH script;
sending the public key to the main control end and the box program through the configuration client;
and when the box program is upgraded, the private key is uploaded to the main control end.
3. The method for determining the authority of the USB device according to claim 1, wherein the configuration process of the authentication value is as follows:
logging in a configuration client in the agent system by using an administrator identity, and acquiring equipment information of the target USB equipment when the target USB equipment is detected to be accessed through the box program;
encrypting according to the equipment information of the target USB equipment and the identity information of the administrator to obtain the authentication value;
and sending the authentication value to the main control terminal for storage through the configuration client.
4. The method for determining the authority of the USB device according to claim 1 or 3, wherein the value to be authenticated or the authentication value is calculated by:
respectively converting the equipment information and the identity information into base64 character strings to obtain an equipment character string and an identity character string, wherein the identity information comprises face information and fingerprint information;
and taking the ASCII value of the character at the same position in the equipment character string and the identity character string as a sampling value, substituting the sampling value into a preset formula, and calculating to obtain the value to be authenticated or the authentication value, wherein the preset formula is as follows:
wherein x, y and z are sampling values corresponding to the face information, the fingerprint information and the device information respectively, and P, Q and R are preset adjusting parameters.
5. The method for determining USB device permission according to claim 4, wherein the converting the device information and the identity information into base64 character strings respectively to obtain a device character string and an identity character string, further comprises:
respectively selecting character strings with preset lengths at target positions from the equipment character strings and the identity character strings as target equipment character strings and target identity character strings;
the step of taking the ASCII value of the character at the same position in the device string and the identity string as a sampling value, and substituting the sampling value into a preset formula to calculate the value to be authenticated or the authentication value includes:
and taking the ASCII value of the character at the same position in the target equipment character string and the target identity character string as a sampling value, and substituting the sampling value into a preset formula to calculate to obtain the value to be authenticated or the authentication value.
6. An apparatus for determining authority of a USB device, comprising:
the detection unit is used for detecting whether USB equipment is accessed in the seat system through a box program, and if so, acquiring equipment information of the USB equipment through the box program;
the encryption unit is used for encrypting the equipment information according to a public key through the box program and uploading the obtained encrypted data to a main control end in the seat system;
the decryption and calculation unit is used for decrypting the encrypted data according to a private key through the main control end to obtain the equipment information, and calculating a value to be authenticated according to the equipment information and the identity information of the current login user through the main control end;
the comparison unit is used for comparing the value to be authenticated with a stored authentication value through the main control terminal to obtain a verification result of the USB equipment, and the authentication value is obtained through equipment information calculation of target USB equipment;
and the sending unit is used for sending the verification result to the box program through the main control end, so that the box program determines the authority of the USB equipment according to the verification result.
7. The apparatus for determining USB device permission according to claim 6, wherein the authentication value is configured by:
logging in a configuration client in the agent system by using an administrator identity, and acquiring equipment information of the target USB equipment when the target USB equipment is detected to be accessed through the box program;
encrypting according to the equipment information of the target USB equipment and the identity information of the administrator to obtain the authentication value;
and sending the authentication value to the main control terminal for storage through the configuration client.
8. The apparatus for determining USB device permission according to claim 6 or 7, wherein the value to be authenticated or the authentication value is calculated by:
respectively converting the equipment information and the identity information into base64 character strings to obtain an equipment character string and an identity character string, wherein the identity information comprises face information and fingerprint information;
and taking the ASCII value of the character at the same position in the equipment character string and the identity character string as a sampling value, substituting the sampling value into a preset formula, and calculating to obtain the value to be authenticated or the authentication value, wherein the preset formula is as follows:
wherein x, y and z are sampling values corresponding to the face information, the fingerprint information and the device information respectively, and P, Q and R are preset adjusting parameters.
9. A USB device permission determination device, the device comprising a processor and a memory;
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the USB device permission determination method of any one of claims 1-5 according to instructions in the program code.
10. A computer-readable storage medium for storing program code for executing the USB device permission determination method of any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110217101.4A CN112818326A (en) | 2021-02-26 | 2021-02-26 | USB device permission determining method, device, equipment and medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112818326A true CN112818326A (en) | 2021-05-18 |
Family
ID=75864001
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110217101.4A Pending CN112818326A (en) | 2021-02-26 | 2021-02-26 | USB device permission determining method, device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20210518 |