CN113259129A - Industrial personal computer system with safety encryption function - Google Patents


Publication number
CN113259129A
Authority
CN
China
Prior art keywords
encryption
chip
login
safety
personal computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110682560.XA
Other languages
Chinese (zh)
Other versions
CN113259129B (en)
Inventor
张文博
董佳利
胡天翔
王兴华
马佳静
丁飒
李美霞
李显鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Zhonghuan Hengda Technology Co.,Ltd.
Original Assignee
Tianjin Zhonghuan Electronic Computer Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin Zhonghuan Electronic Computer Co ltd
Priority to CN202110682560.XA
Publication of CN113259129A
Application granted
Publication of CN113259129B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an industrial personal computer system with a safety encryption function, comprising an industrial personal computer mainboard and an operating system carried by the industrial personal computer, with industrial control encryption software also configured on the operating system. The mainboard comprises a processor, a bridge chip and a security chip; the processor is electrically connected with the bridge chip, and the bridge chip is electrically connected with the security chip using the USB2.0 protocol. The operating system is configured with a secure login verification algorithm for performing security verification on login of the operating system, and the industrial control encryption software is configured with a data encryption algorithm. By providing the secure login verification algorithm and the data encryption algorithm, the invention realizes the secure login function of the operating system and the file data encryption function of the industrial control encryption software; the double login authentication of the operating system and the industrial control encryption software, together with the security encryption strategy configured by the industrial control encryption software, comprehensively ensures the security of operating system files.

Description

Industrial personal computer system with safety encryption function
Technical Field
The invention relates to the technical field of industrial personal computer encryption, in particular to an industrial personal computer system with a safety encryption function.
Background
With the development of AI technology and big data, information security is becoming more important, and the trend toward domestically produced, independently controllable technology in the industrial personal computer field is developing rapidly. At present, industrial personal computers are widely applied in many fields such as industrial production, financial equipment, rail transit and the internet of things, and these applications place certain requirements on the security of their software and hardware. Industrial personal computers with security features based on domestic processor platforms will become a trend in future development. However, existing industrial personal computers generally implement security encryption with an external security chip. For example, the application document with patent application number 201510214938.8 discloses a PIN encryption device and an encryption method for touch screen key input, in which the security chip is connected with the industrial personal computer through a communication interface and the industrial personal computer and the security protection area are independent of each other. In this system structure, the part related to software security encryption depends on the external security chip, a failure of the communication interface may affect the security of the data in the security chip, and the security level is low. Moreover, existing industrial control systems have no sufficiently complete scheme for configuring a data encryption algorithm by means of the security chip.
Disclosure of Invention
The invention aims to provide an industrial personal computer system with a safety encryption function, which can enable an industrial personal computer mainboard to have an encryption function by integrating a safety chip on the industrial personal computer mainboard, and comprehensively ensure the safety of operating system files by setting double login authentication of an operating system and industrial control encryption software and a safety encryption strategy configured by the industrial control encryption software.
In order to achieve this purpose, the invention provides the following technical scheme: an industrial personal computer system with a safety encryption function comprises an industrial personal computer mainboard and an operating system carried by the industrial personal computer, and the operating system is also configured with industrial control encryption software. The mainboard comprises a processor, a bridge chip and a security chip. The processor and the bridge chip use a PCIE3.0 high-speed serial bus for signal transmission; this protocol ensures a higher signal transmission rate with fewer signal lines. The bridge chip and the security chip are electrically connected using the USB2.0 protocol, which balances interface universality with a higher signal transmission rate. The operating system is configured with a secure login verification algorithm for performing security verification on login of the operating system. The industrial control encryption software is configured with a data encryption algorithm for performing secure login protection and data security protection for the industrial control encryption software, and the security chip performs data encryption processing for the industrial control encryption software using a national standard commercial encryption algorithm. The data encryption algorithm comprises a login strategy: the industrial control encryption software is configured with an encryption database, which stores the hash value information generated by the security chip computing a hash over the user name information and the password information with the national commercial encryption algorithm SM3; the login strategy comprises receiving the user name information and the password information after the operating system login has succeeded and comparing them with the hash value information stored in the encryption database; if the comparison is consistent, login to the industrial control encryption software succeeds, and otherwise login fails. The security encryption strategy comprises encrypting data generated by the operation of the industrial control encryption software using the national commercial encryption algorithm SM4 built into the security chip; after an encryption calculation the plaintext corresponding to the data is deleted and the ciphertext is kept, and after a decryption calculation the ciphertext corresponding to the data is deleted and the plaintext is kept.
Preferably, the secure login verification algorithm includes receiving PIN information; the security chip verifies the input PIN information against a PIN code built into the security chip, and if the verification is consistent the operating system login succeeds, otherwise the operating system login fails. The secure login verification algorithm is implemented at the bottom layer of the operating system on the PC side, and PIN code verification is added on top of the traditional password login, so that double-layer login verification of the operating system is realized, the operating system is more difficult to attack from the outside, and the security of files in the operating system is improved.
Preferably, the secure login verification algorithm further includes a locking policy, under which the security chip enters a locked state, that is, the operating system cannot be logged in to, when the number of login failures in PIN code verification exceeds a first threshold.
Preferably, the industrial control encryption software is further configured with a password recovery algorithm for recovering the login password of the industrial control encryption software.
Preferably, the password recovery algorithm includes receiving user name information and comparing it with the user name information stored in the encryption database; if the comparison is consistent, PIN information is then requested as input, the security chip verifies the input PIN information against the PIN code built into the security chip, and if the verification is consistent the user is allowed to reset the login password or display the original password.
Preferably, the processor is an FT2000/4 type domestic Feiteng processor; the domestic operating system is the Galaxy Kylin operating system V10.
Preferably, the bridge chip is connected with the interface of the security chip through a USB HUB chip and a USB2.0 interface; the expansion interfaces of the bridge chip comprise 14 USB2.0 interfaces, 4 USB3.0 interfaces and 12 RS232 full serial ports.
Preferably, the bridge chip is a domestic bridge chip and comprises at least 10 outputs. The 1st output is connected with the first USB HUB chip through a USB2.0 line; 1 output end of the first USB HUB chip is connected with the security chip interface through a USB2.0 line, 1 output end is connected with the M.2 interface through a USB2.0 line, and the other two output ends are connected with 2 USB2.0 expansion interfaces. The 2nd output and the 3rd output of the bridge chip are electrically connected with the second USB HUB chip and the third USB HUB chip respectively through USB2.0 lines, and the 4 output ends of each of the second and third USB HUB chips are connected with 4 USB2.0 interfaces. The 4th output of the bridge chip is connected with a USB-to-PS/2 chip through a USB2.0 line, and the output end of the USB-to-PS/2 chip is connected with a PS/2 keyboard and mouse interface. The 5th, 6th and 7th outputs of the bridge chip are connected to a connector with 3 output ends: the 1st output end is connected with the fourth USB HUB chip through a USB2.0 line, and the 4 output ends of the fourth USB HUB chip are connected with 4 USB2.0 interfaces; the other two output ends of the connector are each connected with a USB-to-serial port chip through a USB2.0 line, and the two USB-to-serial port chips are each connected with 4 RS232 serial ports. The 8th output of the bridge chip is connected with 4 USB3.0 interfaces; the 9th output of the bridge chip is connected with the SATA interface, and the 10th output is connected with the mSATA interface.
Preferably, the processor is integrated with a DDR4 interface, a QSPI interface, two RGMII interfaces, a PCIEx16 interface, two PCIEx1 interfaces, a PCIEx4 interface and an HDA interface;
the QSPI interface is connected with the BIOS system; the two PCIEx1 interfaces are connected with the M.2 interface and the PCIE-to-serial port chip respectively; the processor is connected with the bridge chip through the PCIEx4 interface; the PCIEx16 interface is connected with the PCIEx16 interface slot and is used for graphics card expansion; the HDA interface is connected with an audio chip; the DDR4 interface is connected with the memory; the RGMII interface leads out an RJ45 gigabit network; the industrial personal computer mainboard is also provided with an SODIMM memory module, 2 DDR4 memory slots and 2 DDR4 memory banks, and is used for providing a storage space which is less than or equal to 32G.
Compared with the prior art, the invention has the beneficial effects that:
the main board of the industrial personal computer is provided with the processor and the bridge chip, the bridge chip is electrically connected with the safety chip by adopting a USB2.0 protocol, the safety chip is arranged to realize the safety encryption function of the main board of the industrial personal computer, and the risks of damage and accidental loss caused by repeated plugging and unplugging in the traditional USBKey mode are avoided.
According to the invention, by setting a safe login verification algorithm and a data encryption algorithm, the safe login function of an operating system and the file data encryption function of industrial control encryption software are realized; and the security of the operating system file is comprehensively ensured by setting the double login authentication of the operating system and the industrial control encryption software and the security encryption strategy configured by the industrial control encryption software.
Drawings
FIG. 1 is a circuit diagram of a first embodiment of an industrial personal computer system with a secure encryption function according to the present invention;
FIG. 2 is a flow chart of a PIN code checking work flow in a safety login checking algorithm of the industrial personal computer system with the safety encryption function;
FIG. 3 is a flow chart of the work flow of login of industrial control encryption software in the data encryption algorithm of the industrial control computer system with the security encryption function;
FIG. 4 is a flow chart of the encryption work flow in the data encryption algorithm of the industrial personal computer system with the security encryption function;
FIG. 5 is a flowchart of the decryption work flow in the data encryption algorithm of the industrial personal computer system with the security encryption function;
FIG. 6 is a flow chart of the password recovery work flow of the industrial personal computer system with the security encryption function;
FIG. 7 is a circuit diagram of the motherboard of the industrial personal computer in the industrial personal computer system with the security encryption function.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, the first embodiment of the invention is an industrial personal computer system with a safety encryption function, which includes an industrial personal computer mainboard and an operating system carried by the industrial personal computer, wherein the operating system is further configured with industrial control encryption software. The mainboard includes a processor, a bridge chip and a security chip. The processor and the bridge chip use a PCIE3.0 high-speed serial bus for signal transmission; this protocol ensures a higher signal transmission rate with fewer signal lines. The bridge chip and the security chip are electrically connected using the USB2.0 protocol, which balances interface universality with a higher signal transmission rate.
As shown in fig. 2, the operating system is configured with a secure login verification algorithm for performing security verification on login of the operating system, and the security chip is likewise configured with the secure login verification algorithm. On the domestic operating system, the industrial personal computer authorizes registration of a new user by verifying the PIN code built into the security chip: the user completes registration by entering a user name, a password and the correct PIN code. The secure login function works as follows: when logging in to the domestic operating system of the industrial personal computer, the user enters a secure login graphical interface through an external display device and inputs a PIN code, which is verified by the verification algorithm of the security chip. If the verification passes, the user logs in to the operating system successfully; otherwise the operating system login fails. When login failures exceed 4, the security chip enters a locked state and the operating system cannot be logged in to.
As shown in fig. 3, the domestic operating system is configured with industrial control encryption software, the industrial control encryption software is configured with a data encryption algorithm and is used for performing secure login protection and data security protection on the industrial control encryption software, and the object of data security protection includes data generated in the operation process of the industrial control encryption software and any other data stored in the hard disk of the industrial control computer, that is, security protection can be performed on all data stored in the hard disk of the industrial control computer.
The security chip performs data encryption processing for the industrial control encryption software using a national standard commercial encryption algorithm; by integrating the security chip on the industrial personal computer mainboard, the mainboard has its own built-in encryption function. Fig. 3 is the login work flow diagram of the industrial control encryption software in the data encryption algorithm. The data encryption algorithm comprises a login strategy: the industrial control encryption software is configured with an encryption database, which stores the hash value information generated by the security chip computing a hash over the user name information and the password information with the national commercial encryption algorithm SM3. Under the login strategy, after the operating system login has succeeded, the user name information and the password information are received and compared with the hash value information stored in the encryption database; if the comparison is consistent, login to the industrial control encryption software succeeds, and otherwise the login fails.
The working steps are as follows: (1) the user name and password are taken as combined information, a hash value of the combined information registered by the user is calculated with the national commercial encryption algorithm SM3, and the resulting data file is stored in the background system; (2) when a user logs in to the industrial control encryption software, the user name and password are input, the hash value of the currently input combined information is calculated by the domestic security chip and compared with the stored data file; if they match, the user is logged in to the industrial control encryption software, and otherwise the login fails; (3) after entering the industrial control encryption software, the user can use the domestic security chip to perform the corresponding encryption calculation with the national commercial encryption algorithm SM4.
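The PIN check with lockout (fig. 2) and working steps (1) and (2) of the SM3-based login, sketched as an added Python example; it is not code from the patent. The security chip is simulated in software, and the class names, the length-prefixed encoding of the combined user name and password, and the reset of the failure counter after a correct PIN are assumptions, since the patent specifies none of them.

```python
import hmac
import struct

_IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
       0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)
_MASK = 0xFFFFFFFF


def _rotl(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & _MASK


def sm3(data: bytes) -> bytes:
    """SM3 digest computed in software (the patent computes it inside the chip)."""
    pad = b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg = data + pad + struct.pack(">Q", len(data) * 8)
    v = list(_IV)
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16I", msg[off:off + 64]))
        for j in range(16, 68):                      # message expansion
            x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
            p1 = x ^ _rotl(x, 15) ^ _rotl(x, 23)
            w.append(p1 ^ _rotl(w[j - 13], 7) ^ w[j - 6])
        a, b, c, d, e, f, g, h = v
        for j in range(64):                          # compression rounds
            t = 0x79CC4519 if j < 16 else 0x7A879D8A
            ss1 = _rotl((_rotl(a, 12) + e + _rotl(t, j)) & _MASK, 7)
            ss2 = ss1 ^ _rotl(a, 12)
            if j < 16:
                ff, gg = a ^ b ^ c, e ^ f ^ g
            else:
                ff = (a & b) | (a & c) | (b & c)
                gg = (e & f) | (~e & g & _MASK)
            tt1 = (ff + d + ss2 + (w[j] ^ w[j + 4])) & _MASK
            tt2 = (gg + h + ss1 + w[j]) & _MASK
            d, c, b, a = c, _rotl(b, 9), a, tt1
            h, g, f = g, _rotl(f, 19), e
            e = tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17)
        v = [x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h))]
    return struct.pack(">8I", *v)


class SecurityChip:
    """Software stand-in for the on-board security chip (hypothetical model)."""

    def __init__(self, pin: str, max_failures: int = 4):
        self._pin = pin.encode()
        self._max_failures = max_failures   # the embodiment locks when failures exceed 4
        self.failures = 0

    @property
    def locked(self) -> bool:
        return self.failures > self._max_failures

    def verify_pin(self, pin: str) -> bool:
        if self.locked:                      # locked chip rejects even the correct PIN
            return False
        if hmac.compare_digest(pin.encode(), self._pin):
            self.failures = 0                # assumption: success clears the counter
            return True
        self.failures += 1
        return False

    def credential_hash(self, user: str, password: str) -> bytes:
        # Assumption: the "combined information" is length-prefixed so that
        # ("ab", "c") and ("a", "bc") cannot produce the same hash input.
        u = user.encode()
        return sm3(struct.pack(">H", len(u)) + u + password.encode())


class EncryptionSoftware:
    """Login strategy of the industrial control encryption software (sketch)."""

    def __init__(self, chip: SecurityChip):
        self.chip = chip
        self.db = {}                         # stands in for the encryption database
        self.os_session = False

    def os_login(self, pin: str) -> bool:
        self.os_session = self.chip.verify_pin(pin)
        return self.os_session

    def register(self, user: str, password: str, pin: str) -> bool:
        if not self.chip.verify_pin(pin):    # registration is authorised by the PIN
            return False
        self.db[user] = self.chip.credential_hash(user, password)
        return True

    def login(self, user: str, password: str) -> bool:
        if not self.os_session:              # second layer only after OS login
            return False
        computed = self.chip.credential_hash(user, password)
        stored = self.db.get(user)
        return stored is not None and hmac.compare_digest(stored, computed)
```
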
As shown in fig. 4, the data encryption algorithm further includes a security encryption policy: after entering the industrial control encryption software, the user can use the security chip to perform the corresponding encryption calculation with the national commercial encryption algorithm SM4, and after the encryption calculation the plaintext is automatically deleted and the ciphertext is retained, thereby ensuring the security of the encrypted data.
As shown in fig. 5, under the same security encryption policy, after entering the industrial control encryption software the user can use the security chip to perform the corresponding decryption calculation with the national commercial encryption algorithm SM4, and after the decryption calculation the ciphertext is automatically deleted and the plaintext is retained, so as to further ensure the security of encrypted and decrypted data.
As shown in fig. 6, which is the work flow diagram of password recovery, the security chip is further configured with a password recovery policy, under which the password is recovered by PIN code verification. Specifically, the password recovery algorithm comprises receiving user name information and comparing it with the user name information stored in the encryption database; if the comparison is consistent, PIN information is then requested as input, the security chip verifies the input PIN information against the built-in PIN code, and if the verification is consistent the user is allowed to reset the login password or display the original password.
As shown in fig. 7, which is the circuit connection diagram of the industrial personal computer mainboard, the bridge chip is connected with the security chip interface through a USB HUB chip and a USB2.0 interface, and the processor is connected with the bridge chip through the PCIEx4 interface. The bridge chip is a domestic bridge chip and is connected with multiple expansion interfaces through USB HUB chips and USB-to-serial port chips; the expansion interfaces of the bridge chip include 14 USB2.0 interfaces, 4 USB3.0 interfaces and 12 RS232 full serial ports.
Specifically, the bridge chip comprises at least 10 outputs. The 1st output is connected with the first USB HUB chip through a USB2.0 line; 1 output end of the first USB HUB chip is connected with the security chip interface through a USB2.0 line, 1 output end is connected with the M.2 interface through a USB2.0 line, and the other two output ends are connected with 2 USB2.0 expansion interfaces. The 2nd output and the 3rd output of the bridge chip are electrically connected with the second USB HUB chip and the third USB HUB chip respectively through USB2.0 lines, and the 4 output ends of each of the second and third USB HUB chips are connected with 4 USB2.0 interfaces. The 4th output of the bridge chip is connected with a USB-to-PS/2 chip through a USB2.0 line, and the output end of the USB-to-PS/2 chip is connected with a PS/2 keyboard and mouse interface. The 5th, 6th and 7th outputs of the bridge chip are connected to a connector with 3 output ends: the 1st output end is connected with the fourth USB HUB chip through a USB2.0 line, and the 4 output ends of the fourth USB HUB chip are connected with 4 USB2.0 interfaces; the other two output ends of the connector are each connected with a USB-to-serial port chip through a USB2.0 line, and the two USB-to-serial port chips are each connected with 4 RS232 serial ports. The 8th output of the bridge chip is connected with 4 USB3.0 interfaces; the 9th output of the bridge chip is connected with the SATA interface, and the 10th output is connected with the mSATA interface. In this way 14 USB2.0 interfaces, 4 USB3.0 interfaces and 12 RS232 full serial ports are provided, which can completely meet the field use requirements of the industrial personal computer.
The processor adopts an FT2000/4 type domestic Feiteng processor; the processor is integrated with a DDR4 interface, a QSPI interface, two RGMII interfaces, a PCIEx16 interface, two PCIEx1 interfaces, a PCIEx4 interface and an HDA interface;
the QSPI interface is connected with the BIOS system; the two PCIEx1 interfaces are connected with the M.2 interface and the PCIE-to-serial port chip respectively; the processor is connected with the bridge chip through the PCIEx4 interface; the PCIEx16 interface is connected with the PCIEx16 interface slot and is used for graphics card expansion; the HDA interface is connected with an audio chip; the DDR4 interface is connected with the memory; the RGMII interface leads out an RJ45 gigabit network. The industrial personal computer mainboard is also provided with an SODIMM memory module, 2 DDR4 memory slots and 2 DDR4 memory banks, and is used for providing a storage space which is less than or equal to 32G.
The industrial personal computer mainboard is also provided with a heat dissipation circuit and a reset circuit, the heat dissipation circuit comprises a thermistor and a PWM fan interface, and the reset circuit comprises a reset key and a power-on reset time sequence control circuit.
The working principle is as follows: the industrial personal computer mainboard is provided with the processor and the bridge chip, and the bridge chip is electrically connected with the security chip using the USB2.0 protocol; the security chip gives the mainboard its security encryption function and avoids the risks of damage and accidental loss caused by repeated plugging and unplugging. In the specific implementation a domestic Feiteng processor and a domestic bridge chip are used, and a domestic security chip interface is reserved for hardware encryption and decryption operations, so that domestic autonomous security is further enhanced and the technical requirements of the market on data security and reliability can be met. In addition, by providing the secure login verification algorithm and the data encryption algorithm, the industrial personal computer mainboard realizes the functions of secure login and file data encryption, can perform data encryption and decryption operations on the domestic Galaxy Kylin operating system, and can meet the technical requirements of the market on data security and reliability; the double login authentication of the operating system and the industrial control encryption software, together with the security encryption strategy configured by the industrial control encryption software, comprehensively ensures the security of operating system files.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (7)

1. An industrial personal computer system with a security encryption function, comprising an industrial personal computer mainboard, characterized in that: the industrial personal computer mainboard comprises a processor, a bridge chip and a safety chip; the processor and the bridge chip use a PCIE3.0 high-speed serial bus for signal transmission; the bridge chip and the safety chip are electrically connected using the USB2.0 protocol; the operating system is provided with a secure login verification algorithm for performing security verification on login to the operating system; the industrial control encryption software is provided with a data encryption algorithm for performing secure login protection and data security protection on the industrial control encryption software; the safety chip uses a national standard commercial encryption algorithm to perform data encryption processing for the industrial control encryption software; the data encryption algorithm comprises a login strategy; the industrial control encryption software is configured with an encryption database, which stores hash value information generated by the safety chip performing a hash calculation on user name information and password information using the national commercial encryption algorithm SM3; the login strategy comprises receiving the user name information and the password information and comparing them with the hash value information stored in the encryption database, login to the industrial control encryption software succeeding if the comparison is consistent and failing otherwise; the security encryption strategy comprises encrypting data generated by the operation of the industrial control encryption software using the national commercial encryption algorithm SM4 built into the safety chip, deleting the plaintext and keeping the ciphertext corresponding to the data after the encryption calculation, and deleting the ciphertext and keeping the plaintext corresponding to the data after the decryption calculation.
2. The industrial personal computer system with the security encryption function according to claim 1, wherein: the secure login verification algorithm comprises receiving PIN information, the safety chip verifying the input PIN information against a built-in PIN code; if the verification is consistent, login to the operating system succeeds, and otherwise login to the operating system fails; the secure login verification algorithm is implemented on the basis of the underlying layer of the PC-side operating system, and two-layer operating system login verification is achieved by adding PIN code verification on top of traditional password login.
3. The industrial personal computer system with the security encryption function according to claim 2, wherein: the secure login verification algorithm further comprises a locking strategy, the locking strategy being configured such that, when the number of login failures detected by PIN code verification exceeds a first threshold, the safety chip enters a locked state.
4. The industrial personal computer system with the security encryption function according to claim 3, wherein: the industrial control encryption software is further provided with a password recovery algorithm for recovering the login password of the industrial control encryption software.
5. The industrial personal computer system with the security encryption function according to claim 4, wherein: the password recovery algorithm comprises receiving user name information and comparing it with the user name information stored in the encryption database; if the comparison is consistent, further obtaining PIN information input, the safety chip verifying the input PIN information against the built-in PIN code; and if the verification is consistent, allowing the login password to be reset or displaying the original password.
6. The industrial personal computer system with the security encryption function according to claim 5, wherein: the bridge chip is connected with the interface of the safety chip through the USB HUB chip and the USB2.0 interface; the expansion interfaces of the bridge chip comprise 14 USB2.0 interfaces, 4 USB3.0 interfaces and 12 RS232 full serial ports.
7. The industrial personal computer system with the security encryption function according to claim 6, wherein: the bridge chip is a domestic bridge chip, and the processor is connected with the bridge chip through a PCIEx4 interface.
CN202110682560.XA 2021-06-21 2021-06-21 Industrial personal computer system with safety encryption function Active CN113259129B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110682560.XA CN113259129B (en) 2021-06-21 2021-06-21 Industrial personal computer system with safety encryption function

Publications (2)

Publication Number Publication Date
CN113259129A (en) 2021-08-13
CN113259129B (en) 2021-09-24

Family

ID=77188869

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110682560.XA Active CN113259129B (en) 2021-06-21 2021-06-21 Industrial personal computer system with safety encryption function

Country Status (1)

Country Link
CN (1) CN113259129B (en)

Also Published As

Publication number Publication date
CN113259129B (en) 2021-09-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230904

Address after: 2nd Floor, Building 212, No. 216 Hongqi Road, Nankai District, Tianjin, 300000 (Science and Technology Park)

Patentee after: Tianjin Zhonghuan Hengda Technology Co.,Ltd.

Address before: 300000 No. 214, Hongqi Road, Nankai District, Tianjin

Patentee before: TIANJIN ZHONGHUAN ELECTRONIC COMPUTER Co.,Ltd.