CN116383902A - Secret-related USB interface authorized connection equipment and authorized connection method thereof - Google Patents
Secret-related USB interface authorized connection equipment and authorized connection method thereof Download PDFInfo
- Publication number
- CN116383902A CN116383902A CN202310206764.5A CN202310206764A CN116383902A CN 116383902 A CN116383902 A CN 116383902A CN 202310206764 A CN202310206764 A CN 202310206764A CN 116383902 A CN116383902 A CN 116383902A
- Authority
- CN
- China
- Prior art keywords
- mobile storage
- user
- confidential
- authorization
- authorized connection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000013475 authorization Methods 0.000 claims abstract description 74
- 230000003993 interaction Effects 0.000 claims abstract description 67
- 238000012790 confirmation Methods 0.000 claims abstract description 28
- 230000005540 biological transmission Effects 0.000 claims abstract description 16
- 238000012795 verification Methods 0.000 claims abstract description 6
- 230000002452 interceptive effect Effects 0.000 claims description 33
- 230000008569 process Effects 0.000 claims description 6
- 230000009471 action Effects 0.000 claims description 3
- 230000001351 cycling effect Effects 0.000 claims description 3
- 230000007613 environmental effect Effects 0.000 claims 1
- 238000004146 energy storage Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000011218 segmentation Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses confidential USB interface authorized connection equipment and an authorized connection method thereof. The method comprises the following steps: s1: authorizing the connecting equipment to access to the secret-related host computer, and confirming the security of the secret-related environment; s2: the mobile storage device is inserted into a corresponding USB female head on the authorization connection device, and authorization information of a user is judged through at least two random identity verification modes; s3: after judging the authorization information of the user, closing a contact switch on the data transmission line, enabling the mobile storage device to communicate with the authorization connection device, and judging the authorization information of the mobile storage device; s4: and encrypting and transmitting the interaction data according to the time stamp by combining the authorization information of the user and the environment information of the secret-related environment according to the authorization information of the mobile storage device. The confidential environment confirmation, the user identity confirmation, the mobile storage device confirmation and the encryption transmission are sequentially carried out, so that the management and control capability of each type of mobile storage device is enhanced.
Description
Technical Field
The invention relates to the field of data protection, in particular to confidential USB interface authorized connection equipment and an authorized connection method thereof.
Background
The computer and network of key secret units relate to important secret information, and the network part of the computer and network adopts a private network form to be isolated from the Internet and is physically isolated from the Internet, so that the possibility of secret leakage through the network is small, and therefore, the USB interface widely applied is an important control object. The monitoring software deployed on the computer is used for identifying the mobile storage device connected with the USB port, and the unauthorized mobile storage device can only give an alarm after being connected with the computer and cannot control the unauthorized mobile storage device to be connected with the computer, so that information leakage is easy to occur.
At present, three common USB management and control means are mainly adopted, namely, a USB interface is forbidden, namely, a method of plugging or dismantling the USB interface is adopted; secondly, a nonstandard USB interface is adopted; thirdly, USB error connection preventing equipment is adopted.
The first means has the advantages of basically avoiding the possibility of information leakage caused by accessing the mobile storage device through the USB interface, and has the disadvantages that staff cannot access the authenticated mobile storage device through the USB interface, so that great inconvenience is brought to daily work.
The second means has the advantages that part of mobile storage equipment is stopped from being accessed through the USB interface, the control function can be achieved to a certain extent, the mobile storage equipment interface is required to be customized and authenticated, inconvenience is caused to work to a certain extent, and the control force for accessing the mobile storage equipment which is not authenticated is low.
The third means provides a mode of adopting a USB extension line, a USB connector and a related warning sign in USB misplug-proof connection equipment under a secret-related environment to control the access of authenticated mobile storage equipment. For example, an "anti-misplug connection device for USB under secret-related environment" disclosed in chinese patent literature, its bulletin number CN207765742U, includes a USB extension line and a USB adapter, the USB extension line includes a wire, both ends of the wire are equipped with a USB male port, both ends of the USB adapter are respectively equipped with a USB female port one and a USB female port two, the USB female port one is connected with a USB male port on the USB extension line in a matching manner, and the USB female port two is connected with a USB device in a matching manner. The mobile storage device authentication method has the advantages that the authentication can be controlled without additional transformation, the mobile storage device authentication method has the control capability of the USB interface to a certain extent, and the mobile storage device authentication without registration and the operation without the warning sign do not have the control capability of the USB interface access.
Disclosure of Invention
The invention mainly solves the problems of weak management and control capability, high cost, low efficiency and long time of the prior art on multiple types of secret-related mobile storage equipment; the secret-related USB interface authorization connection device and the authorization connection method thereof are provided, and secret-related environment confirmation, user identity confirmation, mobile storage device confirmation and encryption transmission are sequentially carried out, so that the management and control capability of various types of mobile storage devices is enhanced.
The technical problems of the invention are mainly solved by the following technical proposal:
the utility model provides a secret USB interface authorizes connected device, includes the equipment body and with public head of USB and the female head of USB of equipment body coupling, still includes:
the man-machine interaction assembly is arranged on the equipment body, acquires various biological information of a user, and displays the authorized connection state of the mobile storage equipment;
the connection authorization unit is used for judging the environment information of the host accessed by the USB male head; judging the authorization information of the user and the authorization information of the accessed mobile storage equipment; and encrypting and transmitting the interactive data according to the environment information and the authorization information.
The confidential environment confirmation, the user identity confirmation, the mobile storage equipment confirmation and the encryption transmission are sequentially carried out, so that the management and control capability of each type of mobile storage equipment is enhanced; and the confirmation of various factors is integrated, so that the risk of secret-related data leakage is reduced.
Preferably, the connection authorization unit includes
A power supply for supplying power to each part of the authorized connection device;
the main control module is electrically connected with the man-machine interaction assembly, the USB male head and the USB female head, and judges the authorization information of the user according to the biological information of the user acquired by the man-machine interaction assembly; judging the authorization information of the mobile storage equipment accessed by the USB female;
the contact switch is arranged on a data transmission line of the USB female head and the main control module, is closed when the authorization information of a user is judged to be correct, and is opened when the mobile storage equipment is pulled out of the USB female head.
Firstly, the identity of a user is confirmed, then authorization information judgment of the mobile storage device is carried out, and data leakage caused by the fact that outsiders use authorized mobile energy storage devices is avoided.
Preferably, the man-machine interaction assembly comprises:
the fingerprint component acquires fingerprint information of a user;
the microphone acquires voiceprint information of a user;
the camera is used for acquiring face information of a user;
the LED interaction screen is used for inputting passwords, displaying interaction information and the authorized connection state of the mobile storage device.
The biological information is obtained by random combination to confirm the identity of the user, so that the confirmation result is more accurate, the user can be confirmed to use the device, and the leakage of confidential data is avoided.
Preferably, the USB male is a non-standard USB male; the USB female head comprises a standard USB female head and a non-standard USB female head.
Adapting standard and nonstandard mobile storage devices facilitates management of multiple types of mobile storage devices.
An authorized connection method of authorized connection equipment of a confidential USB interface comprises the following steps:
s1: authorizing the connecting equipment to access to the secret-related host computer, and confirming the security of the secret-related environment;
s2: the mobile storage device is inserted into a corresponding USB female head on the authorization connection device, and authorization information of a user is judged through at least two random identity verification modes;
s3: after judging the authorization information of the user, closing a contact switch on the data transmission line, enabling the mobile storage device to communicate with the authorization connection device, and judging the authorization information of the mobile storage device;
s4: and encrypting and transmitting the interaction data according to the time stamp by combining the authorization information of the user and the environment information of the secret-related environment according to the authorization information of the mobile storage device.
The confidential environment confirmation, the user identity confirmation, the mobile storage device confirmation and the encryption transmission are sequentially carried out, so that the management and control capability of each type of mobile storage device is enhanced.
Preferably, the security verification process of the secret-related environment comprises the following steps:
a1: obtaining an IP of a secret-related host, inquiring whether the IP of the secret-related host is in an IP list preset in authorized connection equipment, if so, entering the next step of judgment; if not, sending out a warning to remind the user;
a2: the authorized connection equipment randomly sends a network access request command to the confidential host, and if the access is successful, a warning is sent to remind a user; otherwise, the confidential host feeds back the receipt encrypted according to the time stamp;
a3: the authorized connection equipment adopts a general encryption protocol to decrypt, if the plaintext is obtained, the authorized connection equipment alarms to a user, otherwise, the authorized connection equipment judges the security of the confidential environment.
The security of the secret-related environment is ensured, and the security of data interaction is ensured.
Preferably, the authentication mode includes fingerprint authentication, voiceprint authentication, face authentication and password authentication, wherein the password authentication uses different passwords for different authorization levels of the same user according to the authentication mode which is necessary; the user identity information is bound with the authorization information. Rights management for users by passwords.
Preferably, after the mobile storage device communicates with the authorized connection device, it is determined whether the mobile storage device is registered in the confidential environment, and the registered and unregistered mobile storage devices are marked respectively. The method not only solves the problem that the mobile storage equipment which is authenticated by registration is authorized to access the confidential USB interface, but also can solve the problem of instant management and control of the confidential USB interface accessed by the mobile storage equipment which is not authenticated by registration.
Preferably, the step S4 includes the following steps:
s401: judging whether the interactive environment is in a secret-related environment, if so, entering the next step, otherwise, directly carrying out data interaction;
s402: after the interaction instruction is obtained, judging whether the action corresponding to the interaction execution is within the range of the authorization information of the user; if yes, entering the next step; if not, ending and giving an alarm;
s403: encrypting interaction data according to the time stamp for the registered mobile storage equipment and then transmitting the interaction data to a corresponding area; and checking whether the interaction request accords with the authority for the unregistered mobile storage device.
The method not only solves the problem that the mobile storage equipment which is authenticated by registration is authorized to access the confidential USB interface, but also can solve the problem of instant management and control of the confidential USB interface accessed by the mobile storage equipment which is not authenticated by registration.
Preferably, the registered mobile storage device includes a plurality of storage areas corresponding to the year, month, day, time, minute, second and LOG of the time stamp respectively; replacing a timestamp part corresponding to the storage area after the rated time; storing a time stamp in the LOG area and a time stamp part corresponding to the storage area;
the encryption process according to the time stamp is as follows:
converting the interaction data into binary numbers; dividing binary interaction data according to the proportion among years, months, days, hours, minutes and seconds in the interaction time stamp;
respectively converting the year, month, day, time, minute and second in the time stamp into binary numbers, aligning with the corresponding divided parts of the binary interactive data, and if the bit number of the binary time stamp is less than that of the binary interactive data, cycling the binary time stamp to enable the bit number to be the same as that of the binary interactive data;
when the binary time stamp corresponding to the binary interactive data is 1, inverting the binary interactive data; when the binary time stamp corresponding to the binary interactive data is 0, the binary interactive data is kept unchanged;
and traversing each bit of data of the encrypted binary interaction data and storing the data into a corresponding storage area.
And the encryption transmission further ensures the safety of the data.
The beneficial effects of the invention are as follows:
1. the confidential environment confirmation, the user identity confirmation, the mobile storage equipment confirmation and the encryption transmission are sequentially carried out, so that the management and control capability of each type of mobile storage equipment is enhanced;
2. firstly, the identity of a user is confirmed through the biological data which are randomly combined, then authorization information judgment of the mobile storage device is carried out, and data leakage caused by the fact that outsiders use authorized mobile energy storage devices is avoided.
3. Encrypting interaction data according to the time stamp for the registered mobile storage equipment and then transmitting the interaction data to a corresponding area; and checking whether the interaction request accords with the authority for the unregistered mobile storage device. The method not only solves the problem that the mobile storage equipment which is authenticated by registration is authorized to access the confidential USB interface, but also can solve the problem of instant management and control of the confidential USB interface accessed by the mobile storage equipment which is not authenticated by registration.
Drawings
Fig. 1 is a schematic structural diagram of a secret-related USB interface authorization connection device of the present invention.
Fig. 2 is a connection block diagram of the connection authorization unit of the present invention.
Fig. 3 is a flowchart of an authorized connection method of the confidential USB interface authorized connection device of the present invention.
FIG. 4 is a flow chart of the security validation process of the present invention in relation to a secure environment.
Fig. 5 is a flow chart of the encryption interactions of the present invention.
In the figure, the device comprises a device body 1, a USB male head 2, a USB female head 3, a fingerprint assembly 4, a microphone 5, a camera 6, a 7-LED interactive screen 8, a main control module 9, a power supply and a 10-contact switch.
Detailed Description
The technical scheme of the invention is further specifically described below through examples and with reference to the accompanying drawings.
Examples:
an authorized connection device for a confidential USB interface of this embodiment, as shown in fig. 1, includes a device body 1.
The device body 1 is provided with a plurality of USB female heads 3, and the USB female heads 3 comprise standard USB female heads and nonstandard USB female heads. Adapting standard and nonstandard mobile storage devices facilitates management of multiple types of mobile storage devices.
The device body 1 is connected with a standard USB male head 2 through a data line. The authorized connection device is accessed to the secret-related host through the USB male head 2. If the USB interface of the confidential host is a non-standard USB female, the USB interface can be converted by the connector converter.
The equipment body 1 is provided with a man-machine interaction assembly for acquiring various biological information of a user and displaying the authorized connection state of the mobile storage equipment. In this implementation, the man-machine interaction component includes a fingerprint component 4, a microphone 5, a camera 6, and an LED interaction screen 7.
The fingerprint component 4 is used for acquiring fingerprint information of a user; the microphone 5 is used for acquiring voiceprint information of a user; the camera 6 acquires face information of a user. The user inputs biological information including fingerprints, voiceprints, faces and the like in the authorized connecting device in advance, and the biological information is used for confirming the identity information of the user.
The LED interaction screen 7 is used for inputting passwords, displaying interaction information and authorized connection states of the mobile storage device.
The biological information is obtained by random combination to confirm the identity of the user, so that the confirmation result is more accurate, the user can be confirmed to use the device, and the leakage of confidential data is avoided.
A connection authorization unit is arranged in the equipment body 1 and used for judging the environment information of the confidential host accessed by the USB male head 2; judging the authorization information of the user and the authorization information of the accessed mobile storage equipment; and encrypting and transmitting the interactive data according to the environment information and the authorization information.
As shown in fig. 2, in the present embodiment, the connection authorization unit includes a main control module 8, a power supply 9, and a contact switch 10.
A power supply 9 supplies power to each part of the authorized connection device; the main control module 8 is electrically connected with the man-machine interaction assembly, the USB male head 2 and the USB female head 3, and judges the authorization information of the user according to the biological information of the user acquired by the man-machine interaction assembly; and judging the authorization information of the mobile storage equipment accessed by the USB female head 3.
The contact switch 10 is arranged on a data transmission line of the USB female head 3 and the main control module 8, and is closed when the authorization information of a user is judged to be correct, and is opened when the mobile storage equipment is pulled out of the USB female head 3.
Firstly, the identity of a user is confirmed, then authorization information judgment of the mobile storage device is carried out, and data leakage caused by the fact that outsiders use authorized mobile energy storage devices is avoided.
The confidential environment confirmation, the user identity confirmation, the mobile storage equipment confirmation and the encryption transmission are sequentially carried out, so that the management and control capability of each type of mobile storage equipment is enhanced; and the confirmation of various factors is integrated, so that the risk of secret-related data leakage is reduced.
Embodiment two:
the authorized connection method of the authorized connection device of the confidential USB interface of the present embodiment, as shown in fig. 3, includes the following steps:
s1: and authorizing the connecting equipment to access to the secret-related host to confirm the security of the secret-related environment.
The authorized connection equipment is accessed to the secret-related host through the USB male connector 2, and if the USB interface of the secret-related host is a non-standard USB female connector, the USB interface can be converted through the connector converter.
The security confirmation process of the confidential environment comprises the following steps:
a1: obtaining an IP of a secret-related host, inquiring whether the IP of the secret-related host is in an IP list preset in authorized connection equipment, if so, entering the next step of judgment; if not, a warning is sent to remind the user.
And (3) inputting the IP addresses of all the secret-related hosts in the local area network or the private network into an IP list, judging whether the corresponding secret-related hosts are the corresponding secret-related hosts according to the IP when the authorized connection equipment is accessed to the hosts, if so, judging the security of the network environment, otherwise, directly warning the user, paying attention to the network security, and avoiding the leakage of secret-related data in interaction.
A2: the authorized connection equipment randomly sends a network access request command to the confidential host, and if the access is successful, a warning is sent to remind a user; otherwise, the confidential host feeds back the receipt encrypted according to the time stamp.
And judging whether the confidential host is networked or not by randomly sending a network access request, if the access is successful, indicating that the host is accessed to the Internet, and ensuring the network security to be doubtful, so that the leakage of confidential data caused by data interaction is avoided. Otherwise, the receipt is encrypted and fed back, if the receipt is encrypted, the receipt is encrypted by default according to the timestamp encryption method in the step S4.
A3: the authorized connection equipment adopts a general encryption protocol to decrypt, if the plaintext is obtained, the authorized connection equipment alarms to a user, otherwise, the authorized connection equipment judges the security of the confidential environment.
And adopting a general protocol for decryption, if the receipt can be decrypted to obtain a plaintext, the ciphertext of the interactive data is not high in security, the security of the confidential environment needs to be noted, and otherwise, the security of the confidential environment is judged. The security of the secret-related environment is ensured, and the security of data interaction is ensured.
S2: the mobile storage device is inserted into a corresponding USB female on the authorized connection device, and authorization information of a user is judged through at least two random identity verification modes.
The authentication modes in the present embodiment include fingerprint authentication, voiceprint authentication, face authentication, and password authentication.
The password authentication is performed according to an identity authentication mode which is necessary, different passwords are used for different authorization levels of the same user, and user identity information is bound with authorization information.
Rights management for users by different passwords. The rights include manager rights, guest rights, and time-limited rights.
The biological information is obtained by random combination to confirm the identity of the user, so that the confirmation result is more accurate, the user can be confirmed to use the device, and the leakage of confidential data is avoided.
S3: and after judging the authorization information of the user, closing a contact switch on the data transmission line, so that the mobile storage equipment communicates with the authorization connection equipment, and judging the authorization information of the mobile storage equipment.
After the mobile storage device communicates with the authorized connection device, judging whether the mobile storage device is registered in the secret-related environment, and marking the registered mobile storage device and the unregistered mobile storage device respectively. The method not only solves the problem that the mobile storage equipment which is authenticated by registration is authorized to access the confidential USB interface, but also can solve the problem of instant management and control of the confidential USB interface accessed by the mobile storage equipment which is not authenticated by registration.
The registered mobile storage equipment comprises a plurality of storage areas, namely a year, a month, a day, a time, a minute, a second and a LOG which respectively correspond to the time stamps, and the time stamp parts corresponding to the storage areas are replaced through rated time; the LOG area stores a time stamp and a time stamp portion corresponding to the storage area.
For example, the storage areas of the registered mobile storage device sequentially include a first storage area to a sixth storage area, and the first storage area to the fifth storage area sequentially correspond to the year, month, day, time, minute, and second of the time stamp at the initial time, and the sixth storage area is fixed as a LOG storage area; after the rated time, the second storage area to the fifth storage area sequentially correspond to the year, month, day, time and minute of the time stamp, the first storage area corresponds to the second of the time stamp, and the sixth storage area is fixed to be a LOG storage area.
S4: and encrypting and transmitting the interaction data according to the time stamp by combining the authorization information of the user and the environment information of the secret-related environment according to the authorization information of the mobile storage device.
S401: judging whether the interactive environment is in a secret-related environment, if so, entering the next step, and if not, directly carrying out data interaction. If the environment is not a secret-related environment, the problem of secret-related interaction does not need to be concerned.
S402: after the interaction instruction is obtained, judging whether the action corresponding to the interaction execution is within the range of the authorization information of the user; if yes, entering the next step; if not, ending and giving an alarm.
The operation instruction is ensured not to exceed the authorized range of a user, the operation safety is ensured, and the manual leakage of confidential data is avoided.
S403: encrypting interaction data according to the time stamp for the registered mobile storage equipment and then transmitting the interaction data to a corresponding area; and checking whether the interaction request accords with the authority for the unregistered mobile storage device.
The encryption process according to the time stamp is as follows:
b1: converting the interaction data into binary numbers; binary interaction data is partitioned according to the proportion of years, months, days, hours, minutes and seconds in the interaction time stamp.
The binary interactive data is segmented proportionally according to the proportion of the time stamp of the interactive request, and if the number of bits of the part corresponding to the time stamp of the binary interactive data after the segmentation of the time stamp is smaller than a preset bit number threshold value, the time stamp is removed, and the binary interactive data is segmented proportionally according to the time stamp of the time stamp.
B2: and respectively converting the year, month, day, time, minute and second in the time stamp into binary numbers, aligning with the corresponding divided parts of the binary interaction data, and if the bit number of the binary time stamp is less than that of the binary interaction data, cycling the binary time stamp to enable the bit number to be identical with that of the binary interaction data.
B3: when the binary time stamp corresponding to the binary interactive data is 1, inverting the binary interactive data; when the binary time stamp corresponding to the binary interactive data is 0, the binary interactive data is kept unchanged.
B4: and traversing each bit of data of the encrypted binary interaction data and storing the data into a corresponding storage area.
For example, if the second of the corresponding timestamp is 22 seconds, the binary number is 10110, and if the corresponding divided binary interactive data is 100010110101001, the binary encrypted interactive data aligned with the binary timestamp is 001111101111111. The encrypted binary encrypted interactive data is stored in the corresponding storage area.
And the encryption transmission further ensures the safety of the data.
The confidential environment confirmation, the user identity confirmation, the mobile storage device confirmation and the encryption transmission are sequentially carried out, so that the management and control capability of each type of mobile storage device is enhanced.
Accessing the LOG area in the mobile storage device requires verifying the ID of the connection authorization device when the LOG area in the mobile storage device is accessible by verification.
When secret data in the mobile storage device is required to be read, the corresponding host is required to be accessed through the connection authorization device.
When the accessed host is a secret-related host, the connection authorization equipment provides an ID to access the LOG area, and the encrypted data are decrypted and combined to obtain a plaintext; when the accessed host computer judges that the environment is not confidential, the connection authorization device does not provide ID to access the LOG area, namely the encrypted data cannot be decrypted and combined, and the security of confidential data is ensured.
When the mobile storage device is directly connected to the host, the encrypted data cannot be decrypted because the ID of the authorized device is not connected, so that the safety of the data is ensured.
And for unregistered mobile storage devices, checking whether the interaction request accords with the authority, and executing the interaction request, wherein the authority for the registered mobile storage devices comprises data uploading and read-only data, and the data cannot be downloaded to the mobile storage devices.
The method not only solves the problem that the mobile storage equipment which is authenticated by registration is authorized to access the confidential USB interface, but also can solve the problem of instant management and control of the confidential USB interface accessed by the mobile storage equipment which is not authenticated by registration.
It should be understood that the examples are only for illustrating the present invention and are not intended to limit the scope of the present invention. Further, it is understood that various changes and modifications may be made by those skilled in the art after reading the teachings of the present invention, and such equivalents are intended to fall within the scope of the claims appended hereto.
Claims (10)
1. The utility model provides a secret-related USB interface authorizes connected device, includes the equipment body and public head of USB and the female head of USB of being connected with the equipment body, its characterized in that still includes:
the man-machine interaction assembly is arranged on the equipment body, acquires various biological information of a user, and displays the authorized connection state of the mobile storage equipment;
the connection authorization unit is used for judging the environment information of the host accessed by the USB male head; judging the authorization information of the user and the authorization information of the accessed mobile storage equipment; and encrypting and transmitting the interactive data according to the environment information and the authorization information.
2. The secret-related USB interface authorization connection apparatus of claim 1, wherein the connection authorization unit includes
A power supply for supplying power to each part of the authorized connection device;
the main control module is electrically connected with the man-machine interaction assembly, the USB male head and the USB female head, and judges the authorization information of the user according to the biological information of the user acquired by the man-machine interaction assembly; judging the authorization information of the mobile storage equipment accessed by the USB female;
the contact switch is arranged on a data transmission line of the USB female head and the main control module, is closed when the authorization information of a user is judged to be correct, and is opened when the mobile storage equipment is pulled out of the USB female head.
3. A secure USB interface authorization connection device according to claim 1 or 2, wherein the man-machine interaction component comprises:
the fingerprint component acquires fingerprint information of a user;
the microphone acquires voiceprint information of a user;
the camera is used for acquiring face information of a user;
the LED interaction screen is used for inputting passwords, displaying interaction information and the authorized connection state of the mobile storage device.
4. The confidential USB interface authorization connection device according to claim 1, wherein the USB male is a non-standard USB male; the USB female head comprises a standard USB female head and a non-standard USB female head.
5. An authorized connection method of an authorized connection device of a confidential USB interface, using an authorized connection device of a confidential USB interface according to any one of claims 1 to 4, comprising the steps of:
s1: authorizing the connecting equipment to access to the secret-related host computer, and confirming the security of the secret-related environment;
s2: the mobile storage device is inserted into a corresponding USB female head on the authorization connection device, and authorization information of a user is judged through at least two random identity verification modes;
s3: after judging the authorization information of the user, closing a contact switch on the data transmission line, enabling the mobile storage device to communicate with the authorization connection device, and judging the authorization information of the mobile storage device;
s4: and encrypting and transmitting the interaction data according to the time stamp by combining the authorization information of the user and the environment information of the secret-related environment according to the authorization information of the mobile storage device.
6. The authorized connection method of the confidential USB interface authorized connection device according to claim 5, wherein the confidential environmental security confirmation process includes:
a1: obtaining an IP of a secret-related host, inquiring whether the IP of the secret-related host is in an IP list preset in authorized connection equipment, if so, entering the next step of judgment; if not, sending out a warning to remind the user;
a2: the authorized connection equipment randomly sends a network access request command to the confidential host, and if the access is successful, a warning is sent to remind a user; otherwise, the confidential host feeds back the encrypted receipt;
a3: the authorized connection equipment adopts a general encryption protocol to decrypt, if the plaintext is obtained, the authorized connection equipment alarms to a user, otherwise, the authorized connection equipment judges the security of the confidential environment.
7. The authorized connection method of the authorized connection device of a confidential USB interface according to claim 5 or 6, wherein the authentication modes include fingerprint authentication, voiceprint authentication, face authentication and password authentication, wherein the password authentication uses different passwords for different authorization levels for the same user according to the authentication modes which are necessary; the user identity information is bound with the authorization information.
8. The authorized connection method of the confidential USB interface authorized connection device according to claim 5, wherein after the mobile storage device communicates with the authorized connection device, it is determined whether the mobile storage device is registered in the confidential environment, and the registered and unregistered mobile storage devices are marked respectively.
9. An authorized connection method of an authorized connection device of a confidential USB interface according to claim 5, 6 or 8, wherein said step S4 comprises the following steps:
s401: judging whether the interactive environment is in a secret-related environment, if so, entering the next step, otherwise, directly carrying out data interaction;
s402: after the interaction instruction is obtained, judging whether the action corresponding to the interaction execution is within the range of the authorization information of the user; if yes, entering the next step; if not, ending and giving an alarm;
s403: encrypting interaction data according to the time stamp for the registered mobile storage equipment and then transmitting the interaction data to a corresponding area; and checking whether the interaction request accords with the authority for the unregistered mobile storage device.
10. The authorized connection method of the confidential USB interface authorized connection device according to claim 9, wherein the registered mobile storage device includes a plurality of storage areas corresponding to the year, month, day, time, minute, second and LOG of the time stamp respectively; replacing a timestamp part corresponding to the storage area after the rated time; storing a time stamp in the LOG area and a time stamp part corresponding to the storage area;
the encryption process according to the time stamp is as follows:
converting the interaction data into binary numbers; dividing binary interaction data according to the proportion among years, months, days, hours, minutes and seconds in the interaction time stamp;
respectively converting the year, month, day, time, minute and second in the time stamp into binary numbers, aligning with the corresponding divided parts of the binary interactive data, and if the bit number of the binary time stamp is less than that of the binary interactive data, cycling the binary time stamp to enable the bit number to be the same as that of the binary interactive data;
when the binary time stamp corresponding to the binary interactive data is 1, inverting the binary interactive data; when the binary time stamp corresponding to the binary interactive data is 0, the binary interactive data is kept unchanged;
and traversing each bit of data of the encrypted binary interaction data and storing the data into a corresponding storage area.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310206764.5A CN116383902B (en) | 2023-02-28 | 2023-02-28 | Secret-related USB interface authorized connection equipment and authorized connection method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310206764.5A CN116383902B (en) | 2023-02-28 | 2023-02-28 | Secret-related USB interface authorized connection equipment and authorized connection method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116383902A true CN116383902A (en) | 2023-07-04 |
| CN116383902B CN116383902B (en) | 2023-12-19 |
Family
ID=86960597
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310206764.5A Active CN116383902B (en) | 2023-02-28 | 2023-02-28 | Secret-related USB interface authorized connection equipment and authorized connection method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116383902B (en) |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN201142490Y (en) * | 2007-12-26 | 2008-10-29 | 北京飞天诚信科技有限公司 | USB switching equipment with switch |
| WO2012111018A1 (en) * | 2011-02-17 | 2012-08-23 | Thozhuvanoor Vellat Lakshmi | Secure tamper proof usb device and the computer implemented method of its operation |
| CN204517037U (en) * | 2015-04-10 | 2015-07-29 | 王林坤 | Relating computer USB moves the special public affairs of storage device to male plug interface |
| CN106330950A (en) * | 2016-09-17 | 2017-01-11 | 上海林果实业股份有限公司 | Method and system for accessing encrypted information, and adapter |
| CN107257350A (en) * | 2017-07-28 | 2017-10-17 | 胡祥义 | The offline authentication or method of payment of a kind of " wearable " equipment or mobile phone |
| CN107483415A (en) * | 2017-07-26 | 2017-12-15 | 国网江西省电力公司南昌供电分公司 | A kind of mutual authentication method of shared electricity consumption interactive system |
| US20200068399A1 (en) * | 2018-08-24 | 2020-02-27 | Averon Us, Inc. | Methods, apparatuses, and computer program products for performing identification and authentication by linking mobile device biometric confirmation with third-party mobile device account association |
| CN210838360U (en) * | 2019-12-24 | 2020-06-23 | 江西掌控者信息安全技术有限责任公司 | Computer USB interface safety device |
| US20200287897A1 (en) * | 2019-03-04 | 2020-09-10 | Visa International Service Association | Biometric interaction manager |
| CN112910867A (en) * | 2021-01-21 | 2021-06-04 | 四三九九网络股份有限公司 | Double verification method for trusted equipment to access application |
| CN113392435A (en) * | 2021-05-24 | 2021-09-14 | 国网湖北省电力有限公司电力科学研究院 | Intelligent substation USB interface safety management and control system and method |
| CN113543125A (en) * | 2021-06-24 | 2021-10-22 | 杭州华宏通信设备有限公司 | Encryption transmission method of 5G array antenna |
| CN114465790A (en) * | 2022-01-24 | 2022-05-10 | 蚂蚁区块链科技(上海)有限公司 | Method, device and equipment for processing IP content library service |
| CN114520976A (en) * | 2022-04-20 | 2022-05-20 | 北京时代亿信科技股份有限公司 | Authentication method and device for user identity identification card and nonvolatile storage medium |
| US20220337570A1 (en) * | 2021-04-16 | 2022-10-20 | Verizon Patent And Licensing Inc. | System and method for distributed, keyless electronic transactions with authentication |
-
2023
- 2023-02-28 CN CN202310206764.5A patent/CN116383902B/en active Active
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN201142490Y (en) * | 2007-12-26 | 2008-10-29 | 北京飞天诚信科技有限公司 | USB switching equipment with switch |
| WO2012111018A1 (en) * | 2011-02-17 | 2012-08-23 | Thozhuvanoor Vellat Lakshmi | Secure tamper proof usb device and the computer implemented method of its operation |
| CN204517037U (en) * | 2015-04-10 | 2015-07-29 | 王林坤 | Relating computer USB moves the special public affairs of storage device to male plug interface |
| CN106330950A (en) * | 2016-09-17 | 2017-01-11 | 上海林果实业股份有限公司 | Method and system for accessing encrypted information, and adapter |
| CN107483415A (en) * | 2017-07-26 | 2017-12-15 | 国网江西省电力公司南昌供电分公司 | A kind of mutual authentication method of shared electricity consumption interactive system |
| CN107257350A (en) * | 2017-07-28 | 2017-10-17 | 胡祥义 | The offline authentication or method of payment of a kind of " wearable " equipment or mobile phone |
| US20200068399A1 (en) * | 2018-08-24 | 2020-02-27 | Averon Us, Inc. | Methods, apparatuses, and computer program products for performing identification and authentication by linking mobile device biometric confirmation with third-party mobile device account association |
| US20200287897A1 (en) * | 2019-03-04 | 2020-09-10 | Visa International Service Association | Biometric interaction manager |
| CN210838360U (en) * | 2019-12-24 | 2020-06-23 | 江西掌控者信息安全技术有限责任公司 | Computer USB interface safety device |
| CN112910867A (en) * | 2021-01-21 | 2021-06-04 | 四三九九网络股份有限公司 | Double verification method for trusted equipment to access application |
| US20220337570A1 (en) * | 2021-04-16 | 2022-10-20 | Verizon Patent And Licensing Inc. | System and method for distributed, keyless electronic transactions with authentication |
| CN113392435A (en) * | 2021-05-24 | 2021-09-14 | 国网湖北省电力有限公司电力科学研究院 | Intelligent substation USB interface safety management and control system and method |
| CN113543125A (en) * | 2021-06-24 | 2021-10-22 | 杭州华宏通信设备有限公司 | Encryption transmission method of 5G array antenna |
| CN114465790A (en) * | 2022-01-24 | 2022-05-10 | 蚂蚁区块链科技(上海)有限公司 | Method, device and equipment for processing IP content library service |
| CN114520976A (en) * | 2022-04-20 | 2022-05-20 | 北京时代亿信科技股份有限公司 | Authentication method and device for user identity identification card and nonvolatile storage medium |
Non-Patent Citations (8)
| Title |
|---|
| JULIA JUREMI 等: "FlashSafe: USB Flash Drives Encryption Tool with AES Algorithm", IEEE, pages 537 - 540 * |
| MANJULA G 等: "Probability based selective encryption scheme for fast encryption of medical images", ACM, pages 1 - 7 * |
| 吴昊;: "基于U盘认证的主机信息安全传输系统的设计", 信息与电脑(理论版), no. 07, pages 46 - 47 * |
| 林英俊;骆钊;薄鑫;温立超;杨正和;金钧华;: "电力系统内网终端安全管理研究", 电力信息与通信技术, no. 12, pages 104 - 110 * |
| 王颖;: "移动存储介质权限管理和认证方法的研究", 电脑知识与技术, no. 18, pages 4373 - 4378 * |
| 苏志新;申永军;黄宏文;: "基于USB接口的涉密数据传输可信监控系统研究", 广西大学学报(自然科学版), no. 1, pages 93 - 99 * |
| 裔睿;: "非涉密移动存储介质管控系统建设研究――政府部门USB端口管控系统建设案例", 软件导刊, no. 06, pages 122 - 124 * |
| 郭辰;: "移动存储设备信息安全的探索", 金融科技时代, no. 05, pages 77 - 79 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116383902B (en) | 2023-12-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102217277B (en) | Method and system for token-based authentication | |
| CA2748563C (en) | Biometric key | |
| KR100783446B1 (en) | System, apparatus and method for providing data security using the usb device | |
| CN100533459C (en) | Data safety reading method and safety storage apparatus thereof | |
| CN100495421C (en) | Authentication protection method based on USB device | |
| CN103037370A (en) | Portable storage device and identity authentication method | |
| CN101483654A (en) | Method and system for implementing authentication and data safe transmission | |
| EP3072273B1 (en) | Systems and methods for fuel dispenser security | |
| CN201037941Y (en) | Electronic lock system by using public key system to verify digital signature | |
| US20150360932A1 (en) | Systems and Methods for Fuel Dispenser Security | |
| CN108900296B (en) | Secret key storage method based on biological feature identification | |
| CN104282058A (en) | Unlocking method of Bluetooth-based safety intelligent lock system with video monitoring function | |
| CA2538850A1 (en) | Record carrier, system, method and program for conditional access to data stored on the record carrier | |
| CN111654510B (en) | Signing terminal with national encryption function and signing data transmission method | |
| CN104282060B (en) | A kind of method for unlocking of safety intelligent lock system | |
| CN111583482A (en) | Access control system based on two-dimensional code and control method thereof | |
| GB2432436A (en) | Programmable logic controller peripheral device | |
| CN107995985B (en) | Financial payment terminal activation method and system | |
| CN104135480A (en) | Entrance guard authorization system and entrance guard authorization method | |
| CN116662957A (en) | Identity authentication method, identity authentication device, computer readable storage medium and computer equipment | |
| US20100042845A1 (en) | Ic tag system | |
| CN105787319A (en) | Iris recognition-based portable terminal and method for same | |
| CN110738764A (en) | Security control system and method based on intelligent lock | |
| CN116383902B (en) | Secret-related USB interface authorized connection equipment and authorized connection method thereof | |
| CA2296208C (en) | Cryptographic token and security system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |